CVE-2005-3757

Опубликовано: 22 нояб. 2005

Источник: nvd

CVSS2: 7.5

EPSS Высокий

Описание

The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec.

Ссылки

http://metasploit.com/research/vulns/google_proxystylesheet/
Exploit
Patch
Vendor Advisory
http://secunia.com/advisories/17644
Vendor Advisory
http://securitytracker.com/id?1015246
Exploit
Patch
Vendor Advisory
http://www.osvdb.org/20981
Exploit
Patch
http://www.securityfocus.com/archive/1/417310/30/0/threaded
http://www.securityfocus.com/bid/15509
Exploit
Patch
http://www.vupen.com/english/advisories/2005/2500
http://metasploit.com/research/vulns/google_proxystylesheet/
Exploit
Patch
Vendor Advisory
http://secunia.com/advisories/17644
Vendor Advisory
http://securitytracker.com/id?1015246
Exploit
Patch
Vendor Advisory
http://www.osvdb.org/20981
Exploit
Patch
http://www.securityfocus.com/archive/1/417310/30/0/threaded
http://www.securityfocus.com/bid/15509
Exploit
Patch
http://www.vupen.com/english/advisories/2005/2500

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:h:google:mini_search_appliance:*:*:*:*:*:*:*:*

cpe:2.3:h:google:search_appliance:*:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.75746

Высокий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2005-3757

debian

почти 20 лет назад

The Saxon XSLT parser in Google Mini Search Appliance, and possibly Go ...

GHSA-794r-h374-p262

github

больше 3 лет назад