PT-2005-1009 · Junkbuster · Junkbuster

James Ranson · Published 2005-04-16 · Updated 2017-07-11 · CVE-2005-1108

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

JunkBuster version 2.0.2-r2

Description

The issue allows remote attackers to overwrite the referrer field via a crafted HTTP request, potentially leading to disruption of confidentiality, integrity, and availability of protected information. This can be exploited remotely.

Recommendations

For JunkBuster version 2.0.2-r2, consider disabling the ij_untrusted_url function as a temporary workaround until a patch is available. Restrict access to the referrer field to minimize the risk of exploitation.

Fix


Related Identifiers

BDU:2015-02049
CVE-2005-1108
DSA-713-1

Affected Products

Junkbuster