CVE-2005-1857 - Format string vulnerability in simpleproxy before 3.4 allows remote malicious HTTP proxies to execut

CVE-2005-1857

Summary

Format string vulnerability in simpleproxy before 3.4 allows remote malicious HTTP proxies to execute arbitrary code via format string specifiers in a reply.

References

Vulnerable Configurations

cpe:2.3:a:simpleproxy:simpleproxy:2.2b:*:*:*:*:*:*:*
cpe:2.3:a:simpleproxy:simpleproxy:2.2b:*:*:*:*:*:*:*
cpe:2.3:a:simpleproxy:simpleproxy:3.0:*:*:*:*:*:*:*
cpe:2.3:a:simpleproxy:simpleproxy:3.0:*:*:*:*:*:*:*
cpe:2.3:a:simpleproxy:simpleproxy:3.1:*:*:*:*:*:*:*
cpe:2.3:a:simpleproxy:simpleproxy:3.1:*:*:*:*:*:*:*
cpe:2.3:a:simpleproxy:simpleproxy:3.2:*:*:*:*:*:*:*
cpe:2.3:a:simpleproxy:simpleproxy:3.2:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	14666
cert-vn	VU#139421
confirm	http://sourceforge.net/project/shownotes.php?group_id=604&release_id=351847
debian	DSA-786
secunia	16567
xf	simpleproxy-reply-format-string(22016)

Last major update

11-07-2017 - 01:32

Published

02-09-2005 - 22:03

Last modified

11-07-2017 - 01:32