CVE-2005-3757 - Remote vulnerability in Google Mini Search Appliance and Search Appliance
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in the select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Hardware | | 2 |
Exploit-Db
description | Google Appliance ProxyStyleSheet Command Execution. CVE-2005-3757. Webapps exploit for hardware platform |
id | EDB-ID:16907 |
last seen | 2016-02-02 |
modified | 2010-07-01 |
published | 2010-07-01 |
reporter | metasploit |
source | https://www.exploit-db.com/download/16907/ |
title | Google Appliance ProxyStyleSheet Command Execution |

description | Google Search Appliance proxystylesheet XSLT Java Code Execution. CVE-2005-3757. Remote exploit for hardware platform |
id | EDB-ID:1333 |
last seen | 2016-01-31 |
modified | 2005-11-20 |
published | 2005-11-20 |
reporter | H D Moore |
source | https://www.exploit-db.com/download/1333/ |
title | Google Search Appliance proxystylesheet XSLT Java Code Execution |
Metasploit
description | This module exploits a feature in the Saxon XSLT parser used by the Google Search Appliance. This feature allows for arbitrary java methods to be called. Google released a patch and advisory to their client base in August of 2005 (GA-2005-08-m). The target appliance must be able to connect back to your machine for this exploit to work. |
id | MSF:EXPLOIT/UNIX/WEBAPP/GOOGLE_PROXYSTYLESHEET_EXEC |
last seen | 2020-01-13 |
modified | 2017-07-24 |
published | 2007-03-12 |
references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3757 |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/webapp/google_proxystylesheet_exec.rb |
title | Google Appliance ProxyStyleSheet Command Execution |
Nessus
NASL family | CGI abuses |
NASL id | GOOGLE_SEARCH_APPLIANCE_PROXYSTYLESHEET.NASL |
description | The remote Google Search Appliance / Mini Search Appliance fails to sanitize user-supplied input to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20241 |
published | 2005-11-22 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20241 |
title | Google Search Appliance proxystylesheet Parameter Multiple Remote Vulnerabilities (XSS, Code Exec, ID) |
Packetstorm
data source | https://packetstormsecurity.com/files/download/82357/google_proxystylesheet_exec.rb.txt |
id | PACKETSTORM:82357 |
last seen | 2016-12-05 |
published | 2009-10-30 |
reporter | H D Moore |
source | https://packetstormsecurity.com/files/82357/Google-Appliance-ProxyStyleSheet-Command-Execution.html |
title | Google Appliance ProxyStyleSheet Command Execution |
References
- http://metasploit.com/research/vulns/google_proxystylesheet/
- http://secunia.com/advisories/17644
- http://securitytracker.com/id?1015246
- http://www.osvdb.org/20981
- http://www.securityfocus.com/archive/1/417310/30/0/threaded
- http://www.securityfocus.com/bid/15509
- http://www.vupen.com/english/advisories/2005/2500