Lucene search

[email protected]CVE-2005-3421

HistoryNov 01, 2005 - 9:02 p.m.

CVE-2005-3421

2005-11-0121:02:00

[email protected]

web.nvd.nist.gov

cve-2005-3421

estcmd

hyper estraier

remote code execution

windows

unicode characters

unauthorized access

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.03 Low

EPSS

Percentile

90.9%

JSON

estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote attackers to read unauthorized files via a crafted search request for a filename that contains Unicode characters.

Affected configurations

NVD

Node

hyper_estraierhyper_estraierMatch1.0windows

hyper_estraierhyper_estraierMatch1.0.1windows

CPENameOperatorVersion
hyper_estraier:hyper_estraierhyper estraiereq1.0
hyper_estraier:hyper_estraierhyper estraiereq1.0.1

CPE	Name	Operator	Version
hyper_estraier:hyper_estraier	hyper estraier	eq	1.0
hyper_estraier:hyper_estraier	hyper estraier	eq	1.0.1

References

jvn.jp/jp/JVN%2318282718/index.html

secunia.com/advisories/17379

securitytracker.com/id?1015119

sourceforge.net/project/shownotes.php?release_id=366565

www.securityfocus.com/bid/15236

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.03 Low

EPSS

Percentile

90.9%

JSON

Related for CVE-2005-3421

cvelist1 nvd1