5

CVE-2005-2395

Exploit
Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version1.0.4
MozillaFirefox Version1.0.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.38% 0.817
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://securityreason.com/securityalert/8
http://www.osvdb.org/19002
http://www.securiteam.com/securitynews/5PP0L00GUQ.html
http://www.securityfocus.com/archive/1/405666
Exploit
http://www.securityfocus.com/bid/14325
https://bugzilla.mozilla.org/show_bug.cgi?id=281851
https://exchange.xforce.ibmcloud.com/vulnerabilities/22272