Lucene search

[email protected]NVD:CVE-2005-3429

HistoryNov 02, 2005 - 11:02 a.m.

CVE-2005-3429

2005-11-0211:02:00

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.01

Percentile

83.6%

JSON

Rockliffe MailSite Express before 6.1.22, with the option to save login information enabled, saves user passwords in plaintext in cookies, which allows local users to obtain passwords by reading the cookie file, or remote attackers to obtain the cookies via cross-site scripting (XSS) vulnerabilities.

Affected configurations

Nvd

Node

rockliffemailsite_expressRange≤6.1.21

rockliffemailsite_expressMatch6.1.20

VendorProductVersionCPE
rockliffemailsite_express*cpe:2.3:a:rockliffe:mailsite_express:*:*:*:*:*:*:*:*
rockliffemailsite_express6.1.20cpe:2.3:a:rockliffe:mailsite_express:6.1.20:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rockliffe	mailsite_express	*	cpe:2.3:a:rockliffe:mailsite_express::::::::
rockliffe	mailsite_express	6.1.20	cpe:2.3:a:rockliffe:mailsite_express:6.1.20:::::::*

References

archives.neohapsis.com/archives/fulldisclosure/2005-10/0578.html

marc.info/?l=bugtraq&m=113053680631151&w=2

securitytracker.com/id?1015117

www.osvdb.org/22682

www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf

exchange.xforce.ibmcloud.com/vulnerabilities/22906

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.01

Percentile

83.6%

JSON

Related for NVD:CVE-2005-3429

cve1 cvelist1