Published: 02/05/2005 Updated: 11/07/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-threaded mode enabled, allows remote malicious users to overwrite the referrer field via a crafted HTTP request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
junkbuster internet junkbuster 2.0.2_r2

Debian Bug report logs - #304793 junkbuster: Attacker might be able to modify settings Package: junkbuster; Maintainer for junkbuster is (unknown); Reported by: Helge Kreutzmann <kreutzm@itpuni-hannoverde> Date: Fri, 15 Apr 2005 14:48:18 UTC Severity: grave Tags: security, woody Found in version 202-02 Fixed in versi ...

Several bugs have been found in junkbuster, a HTTP proxy and filter The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CAN-2005-1108 James Ranson discovered that an attacker can modify the referrer setting with a carefully crafted URL by accidentally overwriting a global variable CAN-2005-1109 ...

NVD-CWE-Other http://www.gentoo.org/security/en/glsa/glsa-200504-11.xml http://bugs.gentoo.org/show_bug.cgi?id=88537 http://www.securityfocus.com/bid/13147 http://www.osvdb.org/15502 http://secunia.com/advisories/14932/http://www.debian.org/security/2005/dsa-713 https://exchange.xforce.ibmcloud.com/vulnerabilities/20093 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=304793 https://nvd.nist.gov https://www.debian.org/security/./dsa-713

CVE-2005-1108

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect