Lucene search

[email protected]NVD:CVE-2005-3560

HistoryNov 16, 2005 - 7:42 a.m.

CVE-2005-3560

2005-11-1607:42:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

Low

EPSS

0.057

Percentile

93.4%

JSON

Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite 6.0, (3) ZoneAlarm Anti-Virus 6.0, (4) ZoneAlarm Anti-Spyware 6.0 through 6.1, and (5) ZoneAlarm 6.0 allow remote attackers to bypass the “Advanced Program Control and OS Firewall filters” setting via URLs in “HTML Modal Dialogs” (window.location.href) contained within JavaScript tags.

Affected configurations

Nvd

Node

zonelabszonealarmMatch6.0

zonelabszonealarmMatch6.0pro

zonelabszonealarm_anti-spywareMatch6.0

zonelabszonealarm_anti-spywareMatch6.1

zonelabszonealarm_antivirusMatch6.0

zonelabszonealarm_security_suiteMatch6.0

VendorProductVersionCPE
zonelabszonealarm6.0cpe:2.3:a:zonelabs:zonealarm:6.0:*:*:*:*:*:*:*
zonelabszonealarm6.0cpe:2.3:a:zonelabs:zonealarm:6.0:*:pro:*:*:*:*:*
zonelabszonealarm_anti-spyware6.0cpe:2.3:a:zonelabs:zonealarm_anti-spyware:6.0:*:*:*:*:*:*:*
zonelabszonealarm_anti-spyware6.1cpe:2.3:a:zonelabs:zonealarm_anti-spyware:6.1:*:*:*:*:*:*:*
zonelabszonealarm_antivirus6.0cpe:2.3:a:zonelabs:zonealarm_antivirus:6.0:*:*:*:*:*:*:*
zonelabszonealarm_security_suite6.0cpe:2.3:a:zonelabs:zonealarm_security_suite:6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zonelabs	zonealarm	6.0	cpe:2.3:a:zonelabs:zonealarm:6.0:::::::*
zonelabs	zonealarm	6.0	cpe:2.3:a:zonelabs:zonealarm:6.0::pro:::::
zonelabs	zonealarm_anti-spyware	6.0	cpe:2.3:a:zonelabs:zonealarm_anti-spyware:6.0:::::::*
zonelabs	zonealarm_anti-spyware	6.1	cpe:2.3:a:zonelabs:zonealarm_anti-spyware:6.1:::::::*
zonelabs	zonealarm_antivirus	6.0	cpe:2.3:a:zonelabs:zonealarm_antivirus:6.0:::::::*
zonelabs	zonealarm_security_suite	6.0	cpe:2.3:a:zonelabs:zonealarm_security_suite:6.0:::::::*

References

secunia.com/advisories/17450

securityreason.com/securityalert/155

www.osvdb.org/20677

www.securityfocus.com/archive/1/415968

www.securityfocus.com/bid/15347

exchange.xforce.ibmcloud.com/vulnerabilities/22971

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

Low

EPSS

0.057

Percentile

93.4%

JSON

Related for NVD:CVE-2005-3560

exploitdb1 cvelist1 cve1