CyberSec.Space Logo
返回 CVE 浏览器

CVE-2005-0744

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1600%
EPSS Percentile35.80th
Published2005年5月2日
Last Modified2026年4月16日

Vulnerability Description

The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers to hijack sessions and gain administrator privileges by (1) sniffing the connection on TCP port 51100 and replaying the authentication information or (2) obtaining and replaying the PCZQX02 authentication cookie from the browser.

Affected Platforms (CPE)

📦
Novell

Ichain

= 2.2
📦
Novell

Ichain

= 2.3

References & Advisories

🔗 http://secunia.com/advisories/14527
🔗 http://securitytracker.com/id?1013406
🔗 http://support.novell.com/cgi-bin/search/searchtid.cgi?/10096885.htm
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/19646
🔗 http://secunia.com/advisories/14527
🔗 http://securitytracker.com/id?1013406
🔗 http://support.novell.com/cgi-bin/search/searchtid.cgi?/10096885.htm
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/19646

相关漏洞威胁

CVE-2003-06387.5

Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, and iChain 2.2 before Field Patch 1a, allow attackers to caus...

CVE-2003-06367.5

Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which al...

CVE-2019-59237.5

Directory traversal vulnerability in iChain Insurance Wallet App for iOS Version 1.3.0 and earlier allows remote attackers to read...

CVE-2004-23147.5

The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b 2.2.116 does not have a password by default, which allows r...