CVE-2005-3287 : Incomplete blacklist vulnerability in Mailsite Express allows remote attackers t

Incomplete blacklist vulnerability in Mailsite Express allows remote attackers to upload and possibly execute files via attachments with executable extensions such as ASPX, which are not converted to .TXT like other dangerous extensions, and which can be directly requested from the cache directory.

Published 2005-10-23 10:02:00

Updated 2008-09-05 20:53:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2005-3287

Rockliffe » Mailsite Express
cpe:2.3:a:rockliffe:mailsite_express:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2005-3287

EPSS FAQ

0.56%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 66 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2005-3287

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

References for CVE-2005-3287

http://securitytracker.com/id?1015063

Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2005-3287

Products affected by CVE-2005-3287

Exploit prediction scoring system (EPSS) score for CVE-2005-3287

CVSS scores for CVE-2005-3287

References for CVE-2005-3287