CVE - CVE-2005-2703

CVE-ID
CVE-2005-2703	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://www.mozilla.org/security/announce/mfsa2005-58.html DEBIAN:DSA-868 URL:http://www.debian.org/security/2005/dsa-868 DEBIAN:DSA-838 URL:http://www.debian.org/security/2005/dsa-838 DEBIAN:DSA-866 URL:http://www.debian.org/security/2005/dsa-866 FEDORA:FLSA-2006:168375 URL:http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html MANDRIVA:MDKSA-2005:169 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:169 MANDRIVA:MDKSA-2005:170 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:170 MANDRIVA:MDKSA-2005:174 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:174 REDHAT:RHSA-2005:785 URL:http://www.redhat.com/support/errata/RHSA-2005-785.html REDHAT:RHSA-2005:789 URL:http://www.redhat.com/support/errata/RHSA-2005-789.html REDHAT:RHSA-2005:791 URL:http://www.redhat.com/support/errata/RHSA-2005-791.html SCO:SCOSA-2005.49 URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt SUSE:SUSE-SA:2005:058 URL:http://www.novell.com/linux/security/advisories/2005_58_mozilla.html UBUNTU:USN-200-1 URL:http://www.ubuntu.com/usn/usn-200-1 BID:14923 URL:http://www.securityfocus.com/bid/14923 BID:15495 URL:http://www.securityfocus.com/bid/15495 OVAL:oval:org.mitre.oval:def:10767 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10767 VUPEN:ADV-2005-1824 URL:http://www.vupen.com/english/advisories/2005/1824 OVAL:oval:org.mitre.oval:def:1089 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1089 SECTRACK:1014954 URL:http://securitytracker.com/id?1014954 SECUNIA:16911 URL:http://secunia.com/advisories/16911 SECUNIA:16917 URL:http://secunia.com/advisories/16917 SECUNIA:17042 URL:http://secunia.com/advisories/17042 SECUNIA:17090 URL:http://secunia.com/advisories/17090 SECUNIA:17149 URL:http://secunia.com/advisories/17149 SECUNIA:17284 URL:http://secunia.com/advisories/17284 SECUNIA:17026 URL:http://secunia.com/advisories/17026 SECUNIA:17263 URL:http://secunia.com/advisories/17263 SECUNIA:16977 URL:http://secunia.com/advisories/16977 SECUNIA:17014 URL:http://secunia.com/advisories/17014 XF:mozilla-xmlhttprequest-spoofing(22376) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/22376
Assigning CNA
N/A
Date Entry Created
20050826	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20050826)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.