Directory Traversal Vulnerability in Google Mini Search Appliance
CVE-2005-3755

Currently unrated

Key Information:

Vendor: Google
Status: Mini Search Appliance; Search Appliance
Vendor: CVE Published:; 22 November 2005

Summary

A directory traversal vulnerability exists in the Google Mini Search Appliance, and possibly in the Google Search Appliance, allowing remote attackers to exploit this flaw. By sending carefully crafted requests that include a relative path from a style sheet directory, they can ascertain the existence of arbitrary files on the server. This exploitation can lead to the disclosure of sensitive information through error messages that reveal file paths.

References

http://secunia.com/advisories/17644

third-party-advisoryx_refsource_SECUNIA

http://www.osvdb.org/20977

vdb-entryx_refsource_OSVDB

http://metasploit.com/research/vulns/google_proxystylesheet/

x_refsource_MISC

Timeline

Vulnerability published
Nov 22, 2005
Vulnerability Reserved
Nov 22, 2005