漏洞信息(CVE-2005-2703)

一、漏洞 CVE-2005-2703 基础信息

漏洞标题

N/A

来源：AIGC 神龙大模型

漏洞描述信息

Firefox 1.0.7 之前和 Mozilla Suite 1.7.12 之前版本允许远程攻击者通过 XMLHttpRequest 修改 XML HTTP 请求的 HTTP 头，并可能利用客户端漏洞攻击服务器或代理的漏洞，包括 HTTP 请求 smuggling 和 HTTP 请求分割。

来源：AIGC 神龙大模型

CVSS信息

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

来源：AIGC 神龙大模型

漏洞类别

N/A

来源：AIGC 神龙大模型

漏洞标题

N/A

来源：美国国家漏洞数据库 NVD

漏洞描述信息

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.

来源：美国国家漏洞数据库 NVD

CVSS信息

N/A

来源：美国国家漏洞数据库 NVD

漏洞类别

N/A

来源：美国国家漏洞数据库 NVD

漏洞标题

Mozilla套件和Firefox浏览器 HTTP请求注入漏洞

来源：中国国家信息安全漏洞库 CNNVD

漏洞描述信息

Mozilla套件和Firefox是非常流行的开放源码WEB浏览器。 Mozilla和Firefox浏览器中存在任意HTTP请求注入漏洞，成功利用这个漏洞的攻击者可以绕过XMLHttpRequest的同源限制，如读取防火墙中内网服务器上的文件。攻击者可以向XMLHttpRequest添加非法的畸形首部，从用户机器攻击服务器或代理漏洞，或诱骗服务器或代理相信单个请求是一些独立请求流。

来源：中国国家信息安全漏洞库 CNNVD

CVSS信息

N/A

来源：中国国家信息安全漏洞库 CNNVD

漏洞类别

代码注入

来源：中国国家信息安全漏洞库 CNNVD

二、漏洞 CVE-2005-2703 的公开POC

#	POC 描述	源链接	神龙链接

三、漏洞 CVE-2005-2703 的情报信息

http://www.mozilla.org/security/announce/mfsa2005-58.html x_refsource_CONFIRM
http://secunia.com/advisories/16917 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/17284 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/16911 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/17042 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/17149 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/17263 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/17026 third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/15495 vdb-entry x_refsource_BID
http://secunia.com/advisories/16977 third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/14923 vdb-entry x_refsource_BID
http://secunia.com/advisories/17014 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/17090 third-party-advisory x_refsource_SECUNIA
http://securitytracker.com/id?1014954 vdb-entry x_refsource_SECTRACK
http://www.debian.org/security/2005/dsa-838 vendor-advisory x_refsource_DEBIAN
http://www.debian.org/security/2005/dsa-866 vendor-advisory x_refsource_DEBIAN
http://www.debian.org/security/2005/dsa-868 vendor-advisory x_refsource_DEBIAN
http://www.ubuntu.com/usn/usn-200-1 vendor-advisory x_refsource_UBUNTU
http://www.redhat.com/support/errata/RHSA-2005-791.html vendor-advisory x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2005-789.html vendor-advisory x_refsource_REDHAT
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt vendor-advisory x_refsource_SCO
http://www.vupen.com/english/advisories/2005/1824 vdb-entry x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2005-785.html vendor-advisory x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2005:170 vendor-advisory x_refsource_MANDRIVA
http://www.mandriva.com/security/advisories?name=MDKSA-2005:169 vendor-advisory x_refsource_MANDRIVA
http://www.mandriva.com/security/advisories?name=MDKSA-2005:174 vendor-advisory x_refsource_MANDRIVA
http://www.novell.com/linux/security/advisories/2005_58_mozilla.html vendor-advisory x_refsource_SUSE
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html vendor-advisory x_refsource_FEDORA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1089 vdb-entry signature x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10767 vdb-entry signature x_refsource_OVAL
https://exchange.xforce.ibmcloud.com/vulnerabilities/22376 vdb-entry x_refsource_XF
https://nvd.nist.gov/vuln/detail/CVE-2005-2703

一、 漏洞 CVE-2005-2703 基础信息

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2005-2703 的公开POC

三、漏洞 CVE-2005-2703 的情报信息

一、漏洞 CVE-2005-2703 基础信息