CVE-2005-0085

Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.

Published: 2005-04-27 Last update: 2026-04-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2005-0085 is rated Moderate Risk (56.4/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 4.72%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2005-0085

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-03-30 6.42% 4.72% -1.69%
2 2025-03-29 4.72% 6.42% +1.69%
3 2025-03-19 4.72%

Full EPSS history (8 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2005-0085

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
6.8 2.0 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:P)
Partial availability impact.
 8.6 6.4 [email protected]

Weakness enumeration for CVE-2005-0085

OS Trackers for CVE-2005-0085

vendor priority summary link
debian not yet assigned CVE-2005-0085 not yet assigned priority: Debian including 1 source packages (htdig), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2005-0085
redhat medium https://access.redhat.com/security/cve/CVE-2005-0085
ubuntu medium CVE-2005-0085 medium priority: Ubuntu including 1 source packages (htdig), 4 status rows across 4 suites (dapper, edgy, feisty, upstream): released 3, needs-triage 1. https://ubuntu.com/security/CVE-2005-0085

Vendor comments (NVD) for CVE-2005-0085

  • Red Hat (2006-08-30T00:00:00)

    Not vulnerable. These issues did not affect the versions of htdig as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=144263

Affected software / configurations for CVE-2005-0085

Vendor Product Version Raw CPE
htdig htdig 3.1.5 cpe:2.3:a:htdig:htdig:3.1.5:*:*:*:*:*:*:*
htdig htdig 3.1.5_7 cpe:2.3:a:htdig:htdig:3.1.5_7:*:*:*:*:*:*:*
htdig htdig 3.1.5_8 cpe:2.3:a:htdig:htdig:3.1.5_8:*:*:*:*:*:*:*
htdig htdig 3.1.6 cpe:2.3:a:htdig:htdig:3.1.6:*:*:*:*:*:*:*
htdig htdig 3.2.0 cpe:2.3:a:htdig:htdig:3.2.0:*:*:*:*:*:*:*
htdig htdig 3.2.0b2 cpe:2.3:a:htdig:htdig:3.2.0b2:*:*:*:*:*:*:*
htdig htdig 3.2.0b3 cpe:2.3:a:htdig:htdig:3.2.0b3:*:*:*:*:*:*:*
htdig htdig 3.2.0b4 cpe:2.3:a:htdig:htdig:3.2.0b4:*:*:*:*:*:*:*
htdig htdig 3.2.0b5 cpe:2.3:a:htdig:htdig:3.2.0b5:*:*:*:*:*:*:*
htdig htdig 3.2.0b6 cpe:2.3:a:htdig:htdig:3.2.0b6:*:*:*:*:*:*:*
mandrakesoft mandrake_linux 10.0 cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
mandrakesoft mandrake_linux 10.0 cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
mandrakesoft mandrake_linux 10.1 cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
mandrakesoft mandrake_linux 10.1 cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*
mandrakesoft mandrake_linux_corporate_server 2.1 cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
mandrakesoft mandrake_linux_corporate_server 2.1 cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*
mandrakesoft mandrake_linux_corporate_server 3.0 cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
mandrakesoft mandrake_linux_corporate_server 3.0 cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
redhat fedora_core core_3.0 cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*
suse suse_linux 8.0 cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*
suse suse_linux 8.0 cpe:2.3:o:suse:suse_linux:8.0:*:i386:*:*:*:*:*
suse suse_linux 8.1 cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
suse suse_linux 8.2 cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
suse suse_linux 9.0 cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
suse suse_linux 9.0 cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
suse suse_linux 9.1 cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
suse suse_linux 9.2 cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*

References for CVE-2005-0085

URL Tags
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.46/SCOSA-2005.46.txt
http://secunia.com/advisories/14255
http://secunia.com/advisories/14276
http://secunia.com/advisories/14303
http://secunia.com/advisories/14795
http://secunia.com/advisories/15007
http://secunia.com/advisories/17414
http://secunia.com/advisories/17415
http://securitytracker.com/id?1013078
http://www.debian.org/security/2005/dsa-680 Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200502-16.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:063
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00002.html
http://www.redhat.com/support/errata/RHSA-2005-073.html
http://www.redhat.com/support/errata/RHSA-2005-090.html
http://www.securityfocus.com/bid/12442 Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/19223
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10878
cvelogic Threat Intelligence