CVE-2005-2703

CVSS V2: Medium 5; CVSS V3: None
Description
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allow remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.
Overview
  • CVE ID: CVE-2005-2703
  • Assigner: secalert@redhat.com
  • Vulnerability Status: Modified
  • Published Version: 2005-09-23T19:03:00
  • Last Modified Date: 2017-10-11T01:30:18
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* | 1 | OR | | 1.0.6
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:* | 1 | OR | |
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:* | 1 | OR | |
cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:* | 1 | OR | |
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:* | 1 | OR | |
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:* | 1 | OR | |
cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:* | 1 | OR | |
cpe:2.3:a:mozilla:mozilla_suite:*:*:*:*:*:*:*:* | 1 | OR | | 1.7.11
cpe:2.3:a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:* | 1 | OR | |
cpe:2.3:a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:* | 1 | OR | |
cpe:2.3:a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:* | 1 | OR | |
cpe:2.3:a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:* | 1 | OR | |
CVSS Version 2
  • Version: 2.0
  • Vector String: AV:N/AC:L/Au:N/C:N/I:P/A:N
  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
  • Base Score: 5
  • Severity: MEDIUM
  • Exploitability Score: 10
  • Impact Score: 2.9
References
Reference URL Reference Tags
http://www.mozilla.org/security/announce/mfsa2005-58.html
http://www.redhat.com/support/errata/RHSA-2005-785.html
http://securitytracker.com/id?1014954
http://www.mandriva.com/security/advisories?name=MDKSA-2005:169
http://www.mandriva.com/security/advisories?name=MDKSA-2005:170
http://www.mandriva.com/security/advisories?name=MDKSA-2005:174
http://www.ubuntu.com/usn/usn-200-1
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html
http://www.redhat.com/support/errata/RHSA-2005-789.html
http://www.securityfocus.com/bid/14923
http://secunia.com/advisories/16911 Vendor Advisory
http://secunia.com/advisories/16917 Vendor Advisory
http://www.debian.org/security/2005/dsa-868
http://www.redhat.com/support/errata/RHSA-2005-791.html
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://www.securityfocus.com/bid/15495
http://secunia.com/advisories/17042 Vendor Advisory
http://secunia.com/advisories/17090 Vendor Advisory
http://secunia.com/advisories/17149 Vendor Advisory
http://secunia.com/advisories/17284 Vendor Advisory
http://www.debian.org/security/2005/dsa-838
http://www.debian.org/security/2005/dsa-866
http://secunia.com/advisories/17026 Vendor Advisory
http://secunia.com/advisories/17263 Vendor Advisory
http://www.novell.com/linux/security/advisories/2005_58_mozilla.html
http://secunia.com/advisories/16977 Vendor Advisory
http://secunia.com/advisories/17014 Vendor Advisory
http://www.vupen.com/english/advisories/2005/1824
https://exchange.xforce.ibmcloud.com/vulnerabilities/22376
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1089
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10767
History
Created Old Value New Value Data Type Notes
2022-05-10 19:00:00 Added to TrackCVE