Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2005-3430
Last Modified 07 Mar 2011 09:26:31
Published 02 Nov 2005 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3430

Summary

Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as (1) .unk, (2) .asa, and possibly (3) .htr and (4) .aspx, which are not filtered like the .asp extension.

Vulnerable Systems

Application

  • Rockliffe MailSite Express 6.1.20

  • Rockliffe MailSite Express 6.1.21


References

MISC - http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf

FULLDISC - 20051028 Multiple vulnerabilities within RockLiffe MailSite Express WebMail

XF - mailsiteexpress-attachment-script-execution(22907)

BID - 15230

SECTRACK - 1015117

SECUNIA - 17240


Last Updated: 27 May 2016 10:40:56