CVE-2005-3430

Sažetak

Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as (1) .unk, (2) .asa, and possibly (3) .htr and (4) .aspx, which are not filtered like the .asp extension.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0578.html
http://marc.info/?l=bugtraq&m=113053680631151&w=2
http://secunia.com/advisories/17240/
http://securitytracker.com/id?1015117
http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf
http://www.securityfocus.com/bid/15230
https://exchange.xforce.ibmcloud.com/vulnerabilities/22907

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-07-2017 - 01:33

Objavljeno

02-11-2005 - 11:02