Lucene search

[email protected]CVE-2005-2891

HistorySep 14, 2005 - 8:03 p.m.

CVE-2005-2891

2005-09-1420:03:00

[email protected]

web.nvd.nist.gov

cve-2005-2891

webarchivex.dll

scripting

remote attackers

file manipulation

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.9 Medium

AI Score

Confidence

High

0.047 Low

EPSS

Percentile

92.7%

JSON

WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is marked safe for scripting by default, which allows remote attackers to read or write to arbitrary files via the (1) MakeArchive or (2) MakeArchiveStr methods.

Affected configurations

NVD

Node

csystemswebarchivexMatch5.5.0.76

CPENameOperatorVersion
csystems:webarchivexcsystems webarchivexeq5.5.0.76

CPE	Name	Operator	Version
csystems:webarchivex	csystems webarchivex	eq	5.5.0.76

References

marc.info/?l=bugtraq&m=112611388014937&w=2

secunia.com/advisories/16722/

security-assessment.com/Advisories/WebArchiveX_-_Unsafe_Methods_Vulnerability.pdf

www.securityfocus.com/bid/14760

www.securitytracker.com/alerts/2005/Sep/1014867.html

exchange.xforce.ibmcloud.com/vulnerabilities/22188

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.9 Medium

AI Score

Confidence

High

0.047 Low

EPSS

Percentile

92.7%

JSON

Related for CVE-2005-2891

nvd1 cvelist1