History: Nov 22, 2005 - 9:03 p.m.

CVE-2005-3757

2005-11-22 21:03:00
web.nvd.nist.gov
23
cve-2005-3757
saxon xslt parser
google mini search appliance
google search appliance
remote code execution
information disclosure
java class methods
xslt style sheets

CVSS2: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score: 7.4 High (Confidence: Low)

EPSS: 0.447 Medium (Percentile: 97.4%)

The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in the select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec.

Affected configurations

NVD
Node
google mini_search_appliance
OR
google search_appliance
