Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0612

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2004-0612
Last Modified 05 Sep 2008 04:38:54
Published 06 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2004-0612

Summary

The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter mobile code within an SSL encrypted session, which could allow remote attackers to bypass the mobile code filtering. NOTE: it has been disputed by the vendor that this behavior is required by the SSL specification.

Vulnerable Systems

Application

  • Zonelabs Zonealarm 5.0.590.015


References

XF - zonealarm-mobile-code-bypass(16471)

BID - 10584

BUGTRAQ - 20040621 ZoneAlarm Pro 'Mobile Code' Bypass Vulnerability

BUGTRAQ - 20040625 Zone Labs response to "ZoneAlarm Pro 'Mobile Code' Bypass Vulnerability"


Last Updated: 27 May 2016 10:38:40