Lucene search

[email protected]CVE-2005-1308

HistoryApr 15, 2005 - 4:00 a.m.

CVE-2005-1308

2005-04-1504:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sqwebmail

remote attackers

web script injection

html injection

crlf sequences

security vulnerability

6.6 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.5%

JSON

SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML.

CPENameOperatorVersion
inter7:sqwebmailinter7 sqwebmaileq3.5.0
inter7:sqwebmailinter7 sqwebmaileq4.0.4_2004-05-24
inter7:sqwebmailinter7 sqwebmaileq3.4.1
inter7:sqwebmailinter7 sqwebmaileq3.6.0
inter7:sqwebmailinter7 sqwebmaileq3.6.1
inter7:sqwebmailinter7 sqwebmaileq3.5.3
inter7:sqwebmailinter7 sqwebmaileq3.5.2
inter7:sqwebmailinter7 sqwebmaileq3.5.1
inter7:sqwebmailinter7 sqwebmaileq4.0.5

CPE	Name	Operator	Version
inter7:sqwebmail	inter7 sqwebmail	eq	3.5.0
inter7:sqwebmail	inter7 sqwebmail	eq	4.0.4_2004-05-24
inter7:sqwebmail	inter7 sqwebmail	eq	3.4.1
inter7:sqwebmail	inter7 sqwebmail	eq	3.6.0
inter7:sqwebmail	inter7 sqwebmail	eq	3.6.1
inter7:sqwebmail	inter7 sqwebmail	eq	3.5.3
inter7:sqwebmail	inter7 sqwebmail	eq	3.5.2
inter7:sqwebmail	inter7 sqwebmail	eq	3.5.1
inter7:sqwebmail	inter7 sqwebmail	eq	4.0.5

References

secunia.com/advisories/15119

www.securityfocus.com/bid/13374

6.6 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.5%

JSON

Related for CVE-2005-1308

debiancve1 nessus1 cvelist1