Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | CVE-2005-3347 | First vendor Publication | 2005-11-17 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 6.8 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536. NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3347 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200511-18 (phpsysinfo) File : nvt/glsa_200511_18.nasl |
| 2008-09-04 | Name : FreeBSD Ports: phpSysInfo File : nvt/freebsd_phpSysInfo0.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 897-1 (phpsysinfo) File : nvt/deb_897_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 898-1 (phpgroupware) File : nvt/deb_898_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 899-1 (egroupware) File : nvt/deb_899_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 918-1 (osh) File : nvt/deb_918_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 21159 | phpSysInfo index.php Multiple Parameter Arbitrary File Access |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-897.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-898.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-899.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-918.nasl - Type : ACT_GATHER_INFO |
| 2005-12-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200511-18.nasl - Type : ACT_GATHER_INFO |
| 2005-11-16 | Name : The remote web server contains a PHP application that is affected by multiple... File : phpsysinfo_241.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:21:41 |
|
| 2024-11-28 12:07:33 |
|
| 2021-05-04 12:03:15 |
|
| 2021-04-22 01:03:32 |
|
| 2020-05-23 00:16:54 |
|
| 2017-07-11 12:02:02 |
|
| 2016-04-26 13:53:42 |
|
| 2014-02-17 10:33:18 |
|
| 2013-05-11 11:33:17 |
|
