CVE-2005-3425

Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/17351
http://secunia.com/advisories/17355
http://secunia.com/advisories/17449
http://secunia.com/advisories/17831
http://securitytracker.com/id?1015118
http://www.debian.org/security/2005/dsa-877	Patch Vendor Advisory
http://www.gnu.org/software/gnump3d/ChangeLog
http://www.novell.com/linux/security/advisories/2005_28_sr.html
http://www.securityfocus.com/bid/15341

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnu:gnump3d:2.0:::::::*
	cpe:2.3:a:gnu:gnump3d:2.1:::::::*
	cpe:2.3:a:gnu:gnump3d:2.2:::::::*
	cpe:2.3:a:gnu:gnump3d:2.3:::::::*
	cpe:2.3:a:gnu:gnump3d:2.4:::::::*
	cpe:2.3:a:gnu:gnump3d:2.5:::::::*
	cpe:2.3:a:gnu:gnump3d:2.5b:::::::*
	cpe:2.3:a:gnu:gnump3d:2.6:::::::*
	cpe:2.3:a:gnu:gnump3d:2.7:::::::*
	cpe:2.3:a:gnu:gnump3d:2.8:::::::*
	cpe:2.3:a:gnu:gnump3d:2.9:::::::*
	cpe:2.3:a:gnu:gnump3d:2.9.1:::::::*
	cpe:2.3:a:gnu:gnump3d:2.9.2:::::::*
	cpe:2.3:a:gnu:gnump3d:2.9.3:::::::*
	cpe:2.3:a:gnu:gnump3d:2.9.4:::::::*
	cpe:2.3:a:gnu:gnump3d:2.9.5:::::::*

History

No history.

Information

Published : 2005-11-01 22:02

Updated : 2024-02-04 16:52

NVD link : CVE-2005-3425

Mitre link : CVE-2005-3425

CVE.ORG link : CVE-2005-3425

JSON object : View

Products Affected

gnu

gnump3d

CWE

NVD-CWE-Other

{"id": "CVE-2005-3425", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-11-01T22:02:00.000", "references": [{"url": "http://secunia.com/advisories/17351", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/17355", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/17449", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/17831", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015118", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2005/dsa-877", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.gnu.org/software/gnump3d/ChangeLog", "source": "cve@mitre.org"}, {"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/15341", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424."}], "lastModified": "2008-09-05T20:54:21.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:gnump3d:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DA61808-36A9-4A80-B664-0A7B5F6A3052"}, {"criteria": "cpe:2.3:a:gnu:gnump3d:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36B49901-3341-41CD-A731-553BC379DCA6"}, {"criteria": "cpe:2.3:a:gnu:gnump3d:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9262694-51F5-4B95-830A-272737ECC2BA"}, {"criteria": "cpe:2.3:a:gnu:gnump3d:2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B492A11B-7E67-45B9-8C6C-2EDAC714DF49"}, {"criteria": "cpe:2.3:a:gnu:gnump3d:2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E11F283A-83C6-420F-8F68-8E3C45998770"}, {"criteria": "cpe:2.3:a:gnu:gnump3d:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57B68CD0-E227-4C59-9FF6-8A5E39133752"}, {"criteria": "cpe:2.3:a:gnu:gnump3d:2.5b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7F23C56-CA91-46E2-828C-453924C71991"}, {"criteria": "cpe:2.3:a:gnu:gnump3d:2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A11DA871-1105-4C94-80F4-5DF94E870DEE"}, {"criteria": "cpe:2.3:a:gnu:gnump3d:2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1305B46-A74E-4946-8BED-14C3671140D9"}, {"criteria": "cpe:2.3:a:gnu:gnump3d:2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "818D5BB6-56A8-4A01-BCA8-2FC2F5089A1D"}, {"criteria": "cpe:2.3:a:gnu:gnump3d:2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9B30C1E-E26C-4208-96E0-10B46FF4D0D0"}, {"criteria": "cpe:2.3:a:gnu:gnump3d:2.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30ED7127-4906-4C95-8180-57E7276FD760"}, {"criteria": "cpe:2.3:a:gnu:gnump3d:2.9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9841DC70-40C0-4BC9-A541-76ED29D17825"}, {"criteria": "cpe:2.3:a:gnu:gnump3d:2.9.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0215148C-BC39-43D9-992B-60AF00250234"}, {"criteria": "cpe:2.3:a:gnu:gnump3d:2.9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "967F0E62-2613-49B5-8607-BE28491574AF"}, {"criteria": "cpe:2.3:a:gnu:gnump3d:2.9.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B9BF88B-E1F1-4E90-87F1-D6C186EECE89"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}