5
CVE-2005-2703
- EPSS 1.79%
- Veröffentlicht 23.09.2005 19:03:00
- Zuletzt bearbeitet 16.06.2026 22:15:30
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mozilla ≫ Mozilla Suite Version <= 1.7.11
Mozilla ≫ Mozilla Suite Version1.7.6
Mozilla ≫ Mozilla Suite Version1.7.7
Mozilla ≫ Mozilla Suite Version1.7.8
Mozilla ≫ Mozilla Suite Version1.7.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.79% | 0.755 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://www.securityfocus.com/bid/15495
http://secunia.com/advisories/16977
http://www.mandriva.com/security/advisories?name=MDKSA-2005:174
http://secunia.com/advisories/17042
http://secunia.com/advisories/17090
http://secunia.com/advisories/17263
http://secunia.com/advisories/17284
http://www.debian.org/security/2005/dsa-866
http://www.debian.org/security/2005/dsa-868
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html
http://www.redhat.com/support/errata/RHSA-2005-791.html
http://www.vupen.com/english/advisories/2005/1824
http://secunia.com/advisories/17149
http://www.mozilla.org/security/announce/mfsa2005-58.html
http://www.redhat.com/support/errata/RHSA-2005-785.html
http://www.ubuntu.com/usn/usn-200-1
http://secunia.com/advisories/16911
http://secunia.com/advisories/16917
http://secunia.com/advisories/17014
http://secunia.com/advisories/17026
http://securitytracker.com/id?1014954
http://www.debian.org/security/2005/dsa-838
http://www.mandriva.com/security/advisories?name=MDKSA-2005:169
http://www.mandriva.com/security/advisories?name=MDKSA-2005:170
http://www.novell.com/linux/security/advisories/2005_58_mozilla.html
http://www.redhat.com/support/errata/RHSA-2005-789.html
http://www.securityfocus.com/bid/14923
https://exchange.xforce.ibmcloud.com/vulnerabilities/22376
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10767
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1089