Vulnerability Description
The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Snoopy | Snoopy | 1.2 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=113028858316430&w=2
- http://marc.info/?l=bugtraq&m=113062897231412&w=2
- http://secunia.com/advisories/17330
- http://secunia.com/advisories/17455Vendor Advisory
- http://secunia.com/advisories/17779Vendor Advisory
- http://secunia.com/advisories/17887Vendor Advisory
- http://securityreason.com/securityalert/117
- http://securitytracker.com/id?1015104
- http://sourceforge.net/project/shownotes.php?release_id=368750
- http://sourceforge.net/project/shownotes.php?release_id=375385
- http://www.osvdb.org/20316
- http://www.securityfocus.com/bid/15213
- http://www.vupen.com/english/advisories/2005/2202Vendor Advisory
- http://www.vupen.com/english/advisories/2005/2335Vendor Advisory
- http://www.vupen.com/english/advisories/2005/2727Vendor Advisory
FAQ
What is CVE-2005-3330?
CVE-2005-3330 is a vulnerability with a CVSS score of 7.5 (HIGH). The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metach...
How severe is CVE-2005-3330?
CVE-2005-3330 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3330?
Check the references section above for vendor advisories and patch information. Affected products include: Snoopy Snoopy.