fkie_nvd - fkie_cve-2005-4080

fkie_cve-2005-4080

Vulnerability from fkie_nvd

Published

2005-12-08 01:03

Modified

2025-04-03 01:03

Severity ?

Summary

Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/17910
cve@mitre.org	http://securityreason.com/securityalert/232
cve@mitre.org	http://securitytracker.com/id?1015315
cve@mitre.org	http://www.securityfocus.com/archive/1/418734/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/15730/	Exploit
cve@mitre.org	http://www.vupen.com/english/advisories/2005/2773
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/23465
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17910
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/232
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015315
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/418734/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/15730/	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2005/2773
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/23465

Impacted products

Vendor	Product	Version
horde	imp	2.0
horde	imp	2.2
horde	imp	2.2.1
horde	imp	2.2.2
horde	imp	2.2.3
horde	imp	2.2.4
horde	imp	2.2.5
horde	imp	2.2.6
horde	imp	2.2.7
horde	imp	2.2.8
horde	imp	2.3
horde	imp	3.0
horde	imp	3.1
horde	imp	3.1.2
horde	imp	3.2
horde	imp	3.2.1
horde	imp	3.2.2
horde	imp	3.2.3
horde	imp	3.2.4
horde	imp	3.2.5
horde	imp	4.0
horde	imp	4.0.1
horde	imp	4.0.2
horde	imp	4.0.3
horde	imp	4.0.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:horde:imp:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D2A8C5B-6155-4B40-B8C8-B4944064E3DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11E08A4-79D6-46FE-880F-66E9778C298E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A3894F-2E3F-49CA-BEE5-759D603F6EAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDDBDC41-7E6F-4C97-95BD-7DEB2D9FE837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B52D447-8E56-4E04-9650-38D222DA8D2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C455353-0401-4975-89BC-C23D32A684F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D9D9E1-D8B7-4A56-BC2F-90BDC97322B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "59DE856E-98FF-4B49-BD7F-3E326FEB89EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ED34889-9F98-46BC-9176-557484272C05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7FBC61D-6A08-4DE8-A5E5-A3FC57E7759D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52AEEE6-2364-4CFB-9337-C5CCA54362E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD137160-B80D-4C65-A9A9-CEE12107E3DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E6C2AC8-C21A-4152-AAE6-915ACE65CB5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1956C8F0-EB91-4322-85C1-6BE15AA13703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A48DEBEB-0C2D-4F6A-AF63-04990D2FD5AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E004FA4-0180-458A-8E8C-8167EF684ED8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F0A1617-17D1-4C9F-A818-27321FD2FEAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D86CDC19-43C3-4ACC-94B4-388BCC8A2203",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9931A5B-CD0C-43A3-B32D-915FF4AF57D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:3.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC69F98-A3B4-4573-AFE4-2069218B3454",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "184592A5-4108-40DB-8882-9D2468490DE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28470602-E3F1-4F04-B012-F91AB95E7A68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B584932-BFB2-4462-BC69-B9FCC059F59F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "702F7A33-CF9E-4966-B622-E4BD27B120AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:horde:imp:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF1BB456-5462-4ACE-AECF-730B1C7BE2CD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters."
    }
  ],
  "id": "CVE-2005-4080",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-12-08T01:03:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/17910"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/232"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1015315"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/418734/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/15730/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/2773"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23465"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17910"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/418734/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/15730/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/2773"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23465"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2005-4080 (GCVE-0-2005-4080)

Vulnerability from cvelistv5

Published

2005-12-08 01:00

Modified

2024-08-07 23:31