Lucene search

[email protected]CVE-2005-3005

HistorySep 21, 2005 - 8:03 p.m.

CVE-2005-3005

2005-09-2120:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-3005

helpdesk software hesk

authentication bypass

remote attackers

phpsessid

session id

nvd

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.4%

JSON

Helpdesk Software Hesk allows remote attackers to bypass authentication for (1) admin.php and (2) admin_main.php by modifying the PHPSESSID session ID parameter or cookie.

CPENameOperatorVersion
helpdesk_software:heskhelpdesk software heskeq0.93
helpdesk_software:heskhelpdesk software heskeq0.92

CPE	Name	Operator	Version
helpdesk_software:hesk	helpdesk software hesk	eq	0.93
helpdesk_software:hesk	helpdesk software hesk	eq	0.92

References

marc.info/?l=bugtraq&m=112724743530521&w=2

secunia.com/advisories/16859

www.phpjunkyard.com/extras/hesk_0931_patch.zip

www.securityfocus.com/bid/14879

www.vupen.com/english/advisories/2005/1792

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.4%

JSON

Related for CVE-2005-3005

cvelist1