CVE-2005-4857

eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0
http://issues.ez.no/7459
http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0
http://issues.ez.no/7459

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ez:ez_publish::::::::
	cpe:2.3:a:ez:ez_publish:3.5.0:::::::*
	cpe:2.3:a:ez:ez_publish:3.5.1:::::::*
	cpe:2.3:a:ez:ez_publish:3.5.2:::::::*
	cpe:2.3:a:ez:ez_publish:3.5.3:::::::*
	cpe:2.3:a:ez:ez_publish:3.5.4:::::::*
	cpe:2.3:a:ez:ez_publish:3.5.5:::::::*
	cpe:2.3:a:ez:ez_publish:3.5.6:::::::*
	cpe:2.3:a:ez:ez_publish:3.6.0:::::::*
	cpe:2.3:a:ez:ez_publish:3.6.1:::::::*
	cpe:2.3:a:ez:ez_publish:3.6.2:::::::*
	cpe:2.3:a:ez:ez_publish:3.6.3:::::::*
	cpe:2.3:a:ez:ez_publish:3.6.4:::::::*
	cpe:2.3:a:ez:ez_publish:3.7.0:::::::*
	cpe:2.3:a:ez:ez_publish:3.7.1:::::::*
	cpe:2.3:a:ez:ez_publish:3.7.2:::::::*

History

21 Nov 2024, 00:05

Type	Values Removed	Values Added
References	~~() http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0 -~~	() http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0 -
References	~~() http://issues.ez.no/7459 -~~	() http://issues.ez.no/7459 -

Information

Published : 2005-12-31 05:00

Updated : 2024-11-21 00:05

NVD link : CVE-2005-4857

Mitre link : CVE-2005-4857

CVE.ORG link : CVE-2005-4857

JSON object : View

Products Affected

ez

ez_publish

CWE

CWE-399

Resource Management Errors

{"id": "CVE-2005-4857", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-12-31T05:00:00.000", "references": [{"url": "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0", "source": "cve@mitre.org"}, {"url": "http://issues.ez.no/7459", "source": "cve@mitre.org"}, {"url": "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://issues.ez.no/7459", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a \"memory addressing error\"."}], "lastModified": "2024-11-21T00:05:20.887", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ez:ez_publish:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CDE6E82-F846-4CB2-914B-2C823676D8C5", "versionEndIncluding": "3.8.0"}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFFCB98A-B28B-4BC0-AF70-A75FD5845C87"}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "489A43E7-1190-4F14-8499-7597013C8260"}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F1FB755-41D8-4C8F-91EB-419C362F8FAF"}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C966B6E-75DC-4470-B1F5-22424AF8EBEA"}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA4CD0FB-13BD-4DDB-B82C-7204206F764F"}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE243CE3-75E4-4C29-BF80-30FEB6321BC2"}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "504FCE83-4801-4ACC-81DF-402841B2B121"}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B14B2E33-CB8C-4F40-B7D1-3FE67E9D6D1F"}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E163DA2F-053F-4D9F-B793-9A2B70ADE342"}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECA5BE97-28F9-4DEE-BAB3-093D6F35F730"}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6035B56A-94C9-4131-9C49-3EE37DCE23A7"}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6F8F2AC-AB82-4925-91D2-A6DE65E4A4FD"}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDF55F25-B30D-4FC9-ADA7-7F185CD5338F"}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CC77C98-2C37-49CE-AFB4-49D84BEC78FE"}, {"criteria": "cpe:2.3:a:ez:ez_publish:3.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "568B3930-DDA1-4582-B1E8-BA4B4E83E49B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}