Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2005-3757
Last Modified 07 Mar 2011 09:27:05
Published 22 Nov 2005 04:03:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3757

Summary

The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in the select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec.

Vulnerable Systems


References

BID - 15509

BUGTRAQ - 20051121 Google Search Appliance proxystylesheet Flaws

OSVDB - 20981

SECTRACK - 1015246

MISC - http://metasploit.com/research/vulns/google_proxystylesheet/

VUPEN - ADV-2005-2500

SECUNIA - 17644


Last Updated: 27 May 2016 10:41:02