CVE-2005-3757
Last modified
CVE-2005-3757 is a vulnerability of currently unknown severity. The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec. EPSS estimates a 42.18% chance of exploitation in the next 30 days.
Description
The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Google | Mini Search Appliance | All versions |
| Google | Search Appliance | All versions |
References
- http://metasploit.com/research/vulns/google_proxystylesheet/ (Exploit, Patch, Vendor Advisory)
- http://secunia.com/advisories/17644 (Vendor Advisory)
- http://securitytracker.com/id?1015246 (Exploit, Patch, Vendor Advisory)
- http://www.osvdb.org/20981 (Exploit, Patch)
- http://www.securityfocus.com/bid/15509 (Exploit, Patch)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
