Vulnerability Details : CVE-2005-3757
Public exploit exists!
The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in the select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec.
Vulnerability category: Execute code
Products affected by CVE-2005-3757
- cpe:2.3:h:google:mini_search_appliance:*:*:*:*:*:*:*:*
- cpe:2.3:h:google:search_appliance:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-3757
- 42.67%: Probability of exploitation activity in the next 30 days
- ~97%: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2005-3757
- Google Appliance ProxyStyleSheet Command Execution
  Disclosure Date: 2005-08-16
  First seen: 2020-04-26
  Module: exploit/unix/webapp/google_proxystylesheet_exec
  This module exploits a feature in the Saxon XSLT parser used by the Google Search Appliance. This feature allows for arbitrary Java methods to be called. Google released a patch and advisory to their client base in August of 2005 (GA-2005-08-m). The target appliance
CVSS scores for CVE-2005-3757
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
References for CVE-2005-3757
- http://www.vupen.com/english/advisories/2005/2500
- http://metasploit.com/research/vulns/google_proxystylesheet/ (Exploit; Patch; Vendor Advisory)
- http://www.securityfocus.com/archive/1/417310/30/0/threaded
- http://securitytracker.com/id?1015246 (Exploit; Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/15509 Google Search Appliance ProxyStyleSheet Multiple Remote Vulnerabilities (Exploit; Patch)