Sensitive Information Exposure in Google Mini Search Appliance
CVE-2005-3757

Currently unrated

Key Information:

Vendor: Google
CVE Published: 22 November 2005

Summary

The Saxon XSLT parser in the Google Mini Search Appliance, along with the Google Search Appliance, contains a vulnerability that lets remote attackers invoke dangerous Java class methods from certain attributes of xsl:value-of tags within XSLT stylesheets. This may lead to unauthorized access to sensitive information and the potential execution of arbitrary code, through methods such as system-property, sys:getProperty, and run:exec. The flaw poses a significant risk, as it allows targeted manipulation by attackers and puts users at risk of data breaches.
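One way to audit stylesheets for the pattern described above, as an added example that is not part of the original advisory or any vendor tooling: it reports every namespaced (extension) function call and every system-property() call found in attributes of xsl:value-of. The name find_risky_calls, the default-deny policy on extension functions, and the sample stylesheet are assumptions constructed for illustration.

```python
import io
import re
import xml.etree.ElementTree as ET

XSL_NS = "http://www.w3.org/1999/XSL/Transform"
# Optional "prefix:" followed by a function name and "(".
CALL = re.compile(r"(?<![\w.-])(?:([A-Za-z_][\w.-]*):)?([A-Za-z_][\w.-]*)\s*\(")
LITERAL = re.compile(r"'[^']*'|\"[^\"]*\"")

def find_risky_calls(stylesheet: str):
    """Return (attribute, call, namespace URI) for each flagged call."""
    findings, scopes = [], []  # scopes: in-scope (prefix, uri) declarations
    source = io.BytesIO(stylesheet.encode("utf-8"))
    for event, data in ET.iterparse(source, events=("start-ns", "end-ns", "start")):
        if event == "start-ns":
            scopes.append(data)
        elif event == "end-ns":
            scopes.pop()
        elif data.tag == f"{{{XSL_NS}}}value-of":
            bound = dict(scopes)  # later (inner) declarations win
            for attr, expr in data.attrib.items():
                # Blank out string literals so quoted text is not read as a call.
                for prefix, name in CALL.findall(LITERAL.sub("''", expr)):
                    if prefix:  # extension function outside core XPath/XSLT
                        uri = bound.get(prefix, "<undeclared>")
                        findings.append((attr, f"{prefix}:{name}", uri))
                    elif name == "system-property":
                        findings.append((attr, name, ""))
    return findings

# Constructed sample stylesheet (not taken from the advisory).
SAMPLE = """<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:sys="java:java.lang.System">
  <xsl:template match="/">
    <xsl:value-of select="count(//R)"/>
    <xsl:value-of select="system-property('xsl:vendor')"/>
    <xsl:value-of select="sys:getProperty('user.dir')"/>
  </xsl:template>
</xsl:stylesheet>"""

if __name__ == "__main__":
    for attr, call, uri in find_risky_calls(SAMPLE):
        print(f"xsl:value-of/@{attr}: {call}() namespace={uri or '(none)'}")
```

Any prefixed call is reported regardless of the namespace it is bound to, so a run:exec style call is caught by the same rule as sys:getProperty.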

EPSS Score

75% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
