Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2005-3287 | First vendor Publication | 2005-10-23 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Incomplete blacklist vulnerability in Mailsite Express allows remote attackers to upload and possibly execute files via attachments with executable extensions such as ASPX, which are not converted to .TXT like other dangerous extensions, and which can be directly requested from the cache directory. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3287 |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
| CAPEC-6 | Argument Injection |
| CAPEC-15 | Command Delimiters |
| CAPEC-18 | Embedding Scripts in Nonscript Elements |
| CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
| CAPEC-63 | Simple Script Injection |
| CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
| CAPEC-73 | User-Controlled Filename |
| CAPEC-85 | Client Network Footprinting (using AJAX/XSS) |
| CAPEC-86 | Embedding Script (XSS ) in HTTP Headers |
| CAPEC-163 | Spear Phishing |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 20064 | Rockliffe MailSite Express Attachment Arbitrary File Upload |
Sources (Detail)
| Source | Url |
|---|
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:21:48 |
|
| 2024-11-28 12:07:32 |
|
| 2021-05-04 12:03:15 |
|
| 2021-04-22 01:03:32 |
|
| 2020-05-23 00:16:54 |
|
| 2013-05-11 11:32:59 |
|
