Lucene search

Ubuntu.comUB:CVE-2005-4855

HistoryDec 31, 2005 - 12:00 a.m.

CVE-2005-4855

2005-12-3100:00:00

ubuntu.com

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

32.1%

JSON

Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6
before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not
restrict Image datatype uploads to image content types, which allows remote
authenticated users to upload certain types of files, as demonstrated by
.js files, which may enable cross-site scripting (XSS) attacks or other
attacks.

References

launchpad.net/bugs/cve/CVE-2005-4855

nvd.nist.gov/vuln/detail/CVE-2005-4855

security-tracker.debian.org/tracker/CVE-2005-4855

www.cve.org/CVERecord?id=CVE-2005-4855

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

32.1%

JSON

Related for UB:CVE-2005-4855