Lucene search

[email protected]NVD:CVE-2005-4582

HistoryDec 29, 2005 - 11:03 a.m.

CVE-2005-4582

2005-12-2911:03:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.01

Percentile

84.0%

JSON

Electric Sheep 2.6.3 does not require authentication or integrity checks from the server to the client, which allows remote attackers to download and display arbitrary MPEG movie files via (1) DNS spoofing, (2) a URL on the command line, or (3) a URL in the configuration file. NOTE: the same attack vectors apply to common web browsers that are able to communicate with untrusted web servers, and other problems related to DNS design issues. Therefore this may not be a specific vulnerability. However, a client would reasonably expect to receive content only from the server.

Affected configurations

Nvd

Node

scott_draveselectric_sheepMatch2.6.3

VendorProductVersionCPE
scott_draveselectric_sheep2.6.3cpe:2.3:a:scott_draves:electric_sheep:2.6.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
scott_draves	electric_sheep	2.6.3	cpe:2.3:a:scott_draves:electric_sheep:2.6.3:::::::*

References

securityreason.com/securityalert/295

www.securityfocus.com/archive/1/420161/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/23892

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.01

Percentile

84.0%

JSON

Related for NVD:CVE-2005-4582

cvelist1 cve1