Lucene search

[email protected]CVE-2005-2843

HistorySep 08, 2005 - 10:03 a.m.

CVE-2005-2843

2005-09-0810:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-2843

helpdesk software

hesk 0.92

authentication bypass

remote attackers

vulnerability

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.7%

JSON

Helpdesk software Hesk 0.92 does not properly verify usernames and passwords, which allows remote attackers to bypass authentication via a direct request to admin_main.php.

CPENameOperatorVersion
helpdesk_software:heskhelpdesk software heskeq0.92

CPE	Name	Operator	Version
helpdesk_software:hesk	helpdesk software hesk	eq	0.92

References

marc.info/?l=bugtraq&m=112534893423213&w=2

marc.info/?l=bugtraq&m=112545306117124&w=2

secunia.com/advisories/16623/

www.securityfocus.com/bid/14692

exchange.xforce.ibmcloud.com/vulnerabilities/22054

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.7%

JSON

Related for CVE-2005-2843

cvelist1