Lucene search

MitreCVE-2005-1091

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-1091

2005-05-0204:00:00

mitre

web.nvd.nist.gov

maxthon

security bypass

remote attack

plugin api

cve-2005-1091

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.011

Percentile

84.2%

JSON

Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ID and use restricted plugin API functions via script that includes the max.src file into the source page.

Affected configurations

Nvd

Node

maxthonmaxthonMatch1.2

maxthonmaxthonMatch1.2.1

VendorProductVersionCPE
maxthonmaxthon1.2cpe:2.3:a:maxthon:maxthon:1.2:*:*:*:*:*:*:*
maxthonmaxthon1.2.1cpe:2.3:a:maxthon:maxthon:1.2.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
maxthon	maxthon	1.2	cpe:2.3:a:maxthon:maxthon:1.2:::::::*
maxthon	maxthon	1.2.1	cpe:2.3:a:maxthon:maxthon:1.2.1:::::::*

References

secunia.com/advisories/14918

www.osvdb.org/15424

www.raffon.net/advisories/maxthon/multvulns.html

www.securityfocus.com/bid/13073

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.011

Percentile

84.2%

JSON

Related for CVE-2005-1091