CVE-2005-3430
Gravedad CVSS v2.0:
ALTA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
02/11/2005
Última modificación:
03/04/2025
Descripción
*** Pendiente de traducción *** Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as (1) .unk, (2) .asa, and possibly (3) .htr and (4) .aspx, which are not filtered like the .asp extension.
Impacto
Puntuación base 2.0
7.50
Gravedad 2.0
ALTA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:rockliffe:mailsite_express:*:*:*:*:*:*:*:* | 6.1.21 (incluyendo) | |
| cpe:2.3:a:rockliffe:mailsite_express:6.1.20:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0578.html
- http://marc.info/?l=bugtraq&m=113053680631151&w=2
- http://secunia.com/advisories/17240/
- http://securitytracker.com/id?1015117=
- http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf
- http://www.securityfocus.com/bid/15230
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22907
- http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0578.html
- http://marc.info/?l=bugtraq&m=113053680631151&w=2
- http://secunia.com/advisories/17240/
- http://securitytracker.com/id?1015117=
- http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf
- http://www.securityfocus.com/bid/15230
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22907