Vulnerability Description
Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as (1) .unk, (2) .asa, and possibly (3) .htr and (4) .aspx, which are not filtered like the .asp extension.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rockliffe | Mailsite Express | <= 6.1.21 |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0578.htmlPatch
- http://marc.info/?l=bugtraq&m=113053680631151&w=2
- http://secunia.com/advisories/17240/Vendor Advisory
- http://securitytracker.com/id?1015117
- http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_VulnerabPatchVendor Advisory
- http://www.securityfocus.com/bid/15230
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22907
- http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0578.htmlPatch
- http://marc.info/?l=bugtraq&m=113053680631151&w=2
- http://secunia.com/advisories/17240/Vendor Advisory
- http://securitytracker.com/id?1015117
- http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_VulnerabPatchVendor Advisory
- http://www.securityfocus.com/bid/15230
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22907
FAQ
What is CVE-2005-3430?
CVE-2005-3430 is a vulnerability with a CVSS score of 7.5 (HIGH). Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as (1)...
How severe is CVE-2005-3430?
CVE-2005-3430 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3430?
Check the references section above for vendor advisories and patch information. Affected products include: Rockliffe Mailsite Express.