Lucene search

[email protected]CVE-2005-4874

HistoryMar 28, 2008 - 11:00 p.m.

CVE-2005-4874

2008-03-2823:00:00

CWE-94

[email protected]

web.nvd.nist.gov

mozilla

xmlhttprequest

security vulnerability

http trace

cve-2005-4874

nvd

6.8 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

64.6%

JSON

The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a “Max-Forwards: 0” header or (2) arbitrary local passwords on the web server that hosts this object.

Affected configurations

NVD

Node

mozillamozillaMatch1.7.8

CPENameOperatorVersion
mozilla:mozillamozillaeq1.7.8

CPE	Name	Operator	Version
mozilla:mozilla	mozilla	eq	1.7.8

References

bugzilla.mozilla.org/show_bug.cgi?id=297078

bugzilla.mozilla.org/show_bug.cgi?id=302489

exchange.xforce.ibmcloud.com/vulnerabilities/41553

6.8 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

64.6%

JSON

Related for CVE-2005-4874

nvd1 ubuntucve1 cvelist1