cvelistv5 - cve-2005-1342

CVE-2005-1342 (GCVE-0-2005-1342)

Vulnerability from cvelistv5 – Published: 2005-05-04 04:00 – Updated: 2024-08-07 21:44

Summary

The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://remahl.se/david/vuln/011/	x_refsource_MISC
	http://www.securityfocus.com/bid/13480	vdb-entryx_refsource_BID
	http://www.us-cert.gov/cas/techalerts/TA05-136A.html	third-party-advisoryx_refsource_CERT
	http://www.osvdb.org/16084	vdb-entryx_refsource_OSVDB
	http://secunia.com/advisories/15227	third-party-advisoryx_refsource_SECUNIA
	http://www.kb.cert.org/vuls/id/356070	third-party-advisoryx_refsource_CERT-VN
	http://www.vupen.com/english/advisories/2005/0455	vdb-entryx_refsource_VUPEN
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:44:06.448Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://remahl.se/david/vuln/011/"
          },
          {
            "name": "13480",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/13480"
          },
          {
            "name": "TA05-136A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
          },
          {
            "name": "16084",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/16084"
          },
          {
            "name": "15227",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/15227"
          },
          {
            "name": "VU#356070",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/356070"
          },
          {
            "name": "ADV-2005-0455",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/0455"
          },
          {
            "name": "APPLE-SA-2005-05-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-05-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-08-19T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://remahl.se/david/vuln/011/"
        },
        {
          "name": "13480",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/13480"
        },
        {
          "name": "TA05-136A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
        },
        {
          "name": "16084",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/16084"
        },
        {
          "name": "15227",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/15227"
        },
        {
          "name": "VU#356070",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/356070"
        },
        {
          "name": "ADV-2005-0455",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/0455"
        },
        {
          "name": "APPLE-SA-2005-05-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1342",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://remahl.se/david/vuln/011/",
              "refsource": "MISC",
              "url": "http://remahl.se/david/vuln/011/"
            },
            {
              "name": "13480",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/13480"
            },
            {
              "name": "TA05-136A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
            },
            {
              "name": "16084",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/16084"
            },
            {
              "name": "15227",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/15227"
            },
            {
              "name": "VU#356070",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/356070"
            },
            {
              "name": "ADV-2005-0455",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/0455"
            },
            {
              "name": "APPLE-SA-2005-05-03",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1342",
    "datePublished": "2005-05-04T04:00:00",
    "dateReserved": "2005-04-27T00:00:00",
    "dateUpdated": "2024-08-07T21:44:06.448Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:terminal:1.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8446AA29-3C8A-45DA-88E3-D535F5A2BABA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFDADE04-29F0-446B-824B-0518880CF0A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED9BE602-A740-4CF7-9CAF-59061B16AB31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33E698C1-C313-40E6-BAF9-7C8F9CF02484\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF2D00AC-FA2A-4C39-B796-DC19072862CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"421079DA-B605-4E05-9454-C30CF7631CF4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93B734BA-3435-40A9-B22B-5D56CEB865A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4B57B3E-B1B2-4F13-99D3-4F9DB3C07B5E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"30897327-44DD-4D6C-B8B6-2D66C44EA55D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B79D8F73-2E78-4A67-96BB-21AD9BCB0094\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC6931D5-DE7E-41F6-ADDC-AB5A8A167F69\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands.\"}]",
      "id": "CVE-2005-1342",
      "lastModified": "2024-11-20T23:57:07.677",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": true, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2005-05-04T04:00:00.000",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2005/May/msg00001.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://remahl.se/david/vuln/011/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/15227\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/356070\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/16084\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/13480\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA05-136A.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2005/0455\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2005/May/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://remahl.se/david/vuln/011/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/15227\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/356070\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/16084\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/13480\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA05-136A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2005/0455\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2005-1342\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2005-05-04T04:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:terminal:1.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8446AA29-3C8A-45DA-88E3-D535F5A2BABA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFDADE04-29F0-446B-824B-0518880CF0A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED9BE602-A740-4CF7-9CAF-59061B16AB31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33E698C1-C313-40E6-BAF9-7C8F9CF02484\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF2D00AC-FA2A-4C39-B796-DC19072862CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"421079DA-B605-4E05-9454-C30CF7631CF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93B734BA-3435-40A9-B22B-5D56CEB865A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4B57B3E-B1B2-4F13-99D3-4F9DB3C07B5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30897327-44DD-4D6C-B8B6-2D66C44EA55D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B79D8F73-2E78-4A67-96BB-21AD9BCB0094\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC6931D5-DE7E-41F6-ADDC-AB5A8A167F69\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2005/May/msg00001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://remahl.se/david/vuln/011/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/15227\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/356070\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/16084\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/13480\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA05-136A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2005/0455\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2005/May/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://remahl.se/david/vuln/011/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/15227\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/356070\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/16084\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/13480\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA05-136A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2005/0455\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2005-1342

Vulnerability from fkie_nvd - Published: 2005-05-04 04:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands.

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2005/May/msg00001.html	Patch, Vendor Advisory
cve@mitre.org	http://remahl.se/david/vuln/011/	Exploit, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/15227	Patch, Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/356070	Third Party Advisory, US Government Resource
cve@mitre.org	http://www.osvdb.org/16084	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/13480	Patch
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA05-136A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2005/0455
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2005/May/msg00001.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://remahl.se/david/vuln/011/	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/15227	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/356070	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/16084	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/13480	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA05-136A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2005/0455

Impacted products

Vendor	Product	Version
apple	terminal	1.4.4
apple	mac_os_x	10.3
apple	mac_os_x	10.3.1
apple	mac_os_x	10.3.2
apple	mac_os_x	10.3.3
apple	mac_os_x	10.3.4
apple	mac_os_x	10.3.5
apple	mac_os_x	10.3.6
apple	mac_os_x	10.3.7
apple	mac_os_x	10.3.8
apple	mac_os_x	10.3.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:terminal:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8446AA29-3C8A-45DA-88E3-D535F5A2BABA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFDADE04-29F0-446B-824B-0518880CF0A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED9BE602-A740-4CF7-9CAF-59061B16AB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33E698C1-C313-40E6-BAF9-7C8F9CF02484",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF2D00AC-FA2A-4C39-B796-DC19072862CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "421079DA-B605-4E05-9454-C30CF7631CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "93B734BA-3435-40A9-B22B-5D56CEB865A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4B57B3E-B1B2-4F13-99D3-4F9DB3C07B5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "30897327-44DD-4D6C-B8B6-2D66C44EA55D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B79D8F73-2E78-4A67-96BB-21AD9BCB0094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6931D5-DE7E-41F6-ADDC-AB5A8A167F69",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands."
    }
  ],
  "id": "CVE-2005-1342",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-04T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://remahl.se/david/vuln/011/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/15227"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/356070"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.osvdb.org/16084"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/13480"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/0455"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://remahl.se/david/vuln/011/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/15227"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/356070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.osvdb.org/16084"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/13480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/0455"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-G2F6-93C5-WQ6V

Vulnerability from github – Published: 2022-05-01 01:57 – Updated: 2025-04-03 04:12

Details

The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2005-1342"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-05-04T04:00:00Z",
    "severity": "HIGH"
  },
  "details": "The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands.",
  "id": "GHSA-g2f6-93c5-wq6v",
  "modified": "2025-04-03T04:12:41Z",
  "published": "2022-05-01T01:57:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-1342"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://remahl.se/david/vuln/011"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/15227"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/356070"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/16084"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/13480"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2005/0455"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-200505-0310

Vulnerability from variot - Updated: 2024-07-23 19:27

The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

I have published advisories for 4 security vulnerabilities in Mac OS
X that were addressed by Apple Security Update 2005-005, released
today. http://docs.info.apple.com/article.html?artnum=301528.

This email contains brief summaries of the problems. Full details can
be found on my web site http://remahl.se/david/vuln/.

Description: help: URI handler execution of JavaScripts with known
paths vulnerability My name: DR004 http://remahl.se/david/vuln/004/ CVE: CAN-2005-1337 [yes, cool, isn't it ;-)] Summary: The Help Viewer application allows JavaScript and is thus
vulnerable to having scripts with arbitrary paths run with the
privileges granted to file: protocol URIs. The files can be started
with a URI on the form of help:///path/to/file.html. Combined with
XMLHttpRequest's ability to disclose arbitrary files, this security
bug becomes critcal.

Description: Invisible characters in applescript: URL protocol
messaging vulnerability My name: DR010 http://remahl.se/david/vuln/010/ CVE: CAN-2005-1331 Summary: URL Protocol Messaging is a technique used by Script Editor
to facilitate sharing of AppleScripts between users. By clicking a
link (for example in a web forum), a user can create a new Script
Editor document automatically, with text from the query string of the
URI. This avoids problems with copying text from the web or manually
typing code snippets. However, the technique can be used to trick
users into running dangerous code (with embedded control characters),
since insufficient input validation is performed. Using
escape sequences and social engineering attacks it is in some cases
possible to trick the user into performing arbitrary commands.

I would like to acknowledge the willingness of Apple's Product
Security team to cooperate with me in resolving these issues. CERT's
assistance has also been helpful.

/ Regards, David Remahl -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin)

iD8DBQFCd9mHFlFiDoclYIURAjgqAJ9mLbjrfJr17eenCK6qp5S6HXKzgACeIH+a PJwheHWkjnBAG4kNnAa/6QE= =iJNj -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200505-0310",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.3.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.3.7"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.3.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.3.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.3.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.3.9"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.3.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.3.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.3.8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.3"
      },
      {
        "model": "terminal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.4.4"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#356070"
      },
      {
        "db": "BID",
        "id": "13502"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-910"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1342"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:terminal:1.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-1342"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "David Remahl\u203b vuln@remahl.se",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-910"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2005-1342",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": true,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-12551",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2005-1342",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#356070",
            "trust": 0.8,
            "value": "22.31"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200505-910",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-12551",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#356070"
      },
      {
        "db": "VULHUB",
        "id": "VHN-12551"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-910"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1342"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nI have published advisories for 4 security vulnerabilities in Mac OS  \nX that were addressed by Apple Security Update 2005-005, released  \ntoday. \u003chttp://docs.info.apple.com/article.html?artnum=301528\u003e. \n\nThis email contains brief summaries of the problems. Full details can  \nbe found on my web site \u003chttp://remahl.se/david/vuln/\u003e. \n\nDescription: help: URI handler execution of JavaScripts with known  \npaths vulnerability\nMy name: DR004 \u003chttp://remahl.se/david/vuln/004/\u003e\nCVE: CAN-2005-1337 [yes, cool, isn\u0027t it ;-)]\nSummary: The Help Viewer application allows JavaScript and is thus  \nvulnerable to having scripts with arbitrary paths run with the  \nprivileges granted to file: protocol URIs. The files can be started  \nwith a URI on the form of help:///path/to/file.html. Combined with  \nXMLHttpRequest\u0027s ability to disclose arbitrary files, this security  \nbug becomes critcal. \n\nDescription: Invisible characters in applescript: URL protocol  \nmessaging vulnerability\nMy name: DR010 \u003chttp://remahl.se/david/vuln/010/\u003e\nCVE: CAN-2005-1331\nSummary: URL Protocol Messaging is a technique used by Script Editor  \nto facilitate sharing of AppleScripts between users. By clicking a  \nlink (for example in a web forum), a user can create a new Script  \nEditor document automatically, with text from the query string of the  \nURI. This avoids problems with copying text from the web or manually  \ntyping code snippets. However, the technique can be used to trick  \nusers into running dangerous code (with embedded control characters),  \nsince insufficient input validation is performed. Using  \nescape sequences and social engineering attacks it is in some cases  \npossible to trick the user into performing arbitrary commands. \n\nI would like to acknowledge the willingness of Apple\u0027s Product  \nSecurity team to cooperate with me in resolving these issues. CERT\u0027s  \nassistance has also been helpful. \n\n/ Regards, David Remahl\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.1 (Darwin)\n\niD8DBQFCd9mHFlFiDoclYIURAjgqAJ9mLbjrfJr17eenCK6qp5S6HXKzgACeIH+a\nPJwheHWkjnBAG4kNnAa/6QE=\n=iJNj\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-1342"
      },
      {
        "db": "CERT/CC",
        "id": "VU#356070"
      },
      {
        "db": "BID",
        "id": "13502"
      },
      {
        "db": "VULHUB",
        "id": "VHN-12551"
      },
      {
        "db": "PACKETSTORM",
        "id": "38718"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "OSVDB",
        "id": "16084",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "15227",
        "trust": 2.5
      },
      {
        "db": "CERT/CC",
        "id": "VU#356070",
        "trust": 2.5
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1342",
        "trust": 2.1
      },
      {
        "db": "BID",
        "id": "13480",
        "trust": 1.7
      },
      {
        "db": "USCERT",
        "id": "TA05-136A",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2005-0455",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "13502",
        "trust": 1.2
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-910",
        "trust": 0.7
      },
      {
        "db": "CERT/CC",
        "id": "TA05-136A",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2005-05-03",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-12551",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "38718",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#356070"
      },
      {
        "db": "VULHUB",
        "id": "VHN-12551"
      },
      {
        "db": "BID",
        "id": "13502"
      },
      {
        "db": "PACKETSTORM",
        "id": "38718"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-910"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1342"
      }
    ]
  },
  "id": "VAR-200505-0310",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12551"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T19:27:29.558000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-1342"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://remahl.se/david/vuln/011/"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2005/may/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/13480"
      },
      {
        "trust": 1.7,
        "url": "http://www.us-cert.gov/cas/techalerts/ta05-136a.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.kb.cert.org/vuls/id/356070"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/16084"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/15227"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2005/0455"
      },
      {
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=301528"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15227/"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/13502/"
      },
      {
        "trust": 0.8,
        "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=16084"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2005/0455"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/397489"
      },
      {
        "trust": 0.1,
        "url": ""
      },
      {
        "trust": 0.1,
        "url": "http://remahl.se/david/vuln/010/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://remahl.se/david/vuln/012/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://remahl.se/david/vuln/011/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=301528\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-1342"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-1341"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-1331"
      },
      {
        "trust": 0.1,
        "url": "http://remahl.se/david/vuln/004/\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2005-1337"
      },
      {
        "trust": 0.1,
        "url": "http://remahl.se/david/vuln/\u003e."
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#356070"
      },
      {
        "db": "VULHUB",
        "id": "VHN-12551"
      },
      {
        "db": "BID",
        "id": "13502"
      },
      {
        "db": "PACKETSTORM",
        "id": "38718"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-910"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1342"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#356070"
      },
      {
        "db": "VULHUB",
        "id": "VHN-12551"
      },
      {
        "db": "BID",
        "id": "13502"
      },
      {
        "db": "PACKETSTORM",
        "id": "38718"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-910"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1342"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-05-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#356070"
      },
      {
        "date": "2005-05-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-12551"
      },
      {
        "date": "2005-05-03T00:00:00",
        "db": "BID",
        "id": "13502"
      },
      {
        "date": "2005-07-15T06:39:33",
        "db": "PACKETSTORM",
        "id": "38718"
      },
      {
        "date": "2005-05-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200505-910"
      },
      {
        "date": "2005-05-04T04:00:00",
        "db": "NVD",
        "id": "CVE-2005-1342"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-05-16T00:00:00",
        "db": "CERT/CC",
        "id": "VU#356070"
      },
      {
        "date": "2011-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-12551"
      },
      {
        "date": "2009-07-12T14:06:00",
        "db": "BID",
        "id": "13502"
      },
      {
        "date": "2005-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200505-910"
      },
      {
        "date": "2011-03-08T02:21:38.847000",
        "db": "NVD",
        "id": "CVE-2005-1342"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-910"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Terminal fails to properly sanitize input for \"x-man-page\" URI",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#356070"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-910"
      }
    ],
    "trust": 0.6
  }
}

GSD-2005-1342

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands.

Aliases

CVE-2005-1342

Aliases

CVE-2005-1342

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2005-1342",
    "description": "The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands.",
    "id": "GSD-2005-1342"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2005-1342"
      ],
      "details": "The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands.",
      "id": "GSD-2005-1342",
      "modified": "2023-12-13T01:20:11.766015Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2005-1342",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://remahl.se/david/vuln/011/",
            "refsource": "MISC",
            "url": "http://remahl.se/david/vuln/011/"
          },
          {
            "name": "13480",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/13480"
          },
          {
            "name": "TA05-136A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
          },
          {
            "name": "16084",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/16084"
          },
          {
            "name": "15227",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/15227"
          },
          {
            "name": "VU#356070",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/356070"
          },
          {
            "name": "ADV-2005-0455",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2005/0455"
          },
          {
            "name": "APPLE-SA-2005-05-03",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:terminal:1.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1342"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://remahl.se/david/vuln/011/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "http://remahl.se/david/vuln/011/"
            },
            {
              "name": "APPLE-SA-2005-05-03",
              "refsource": "APPLE",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
            },
            {
              "name": "VU#356070",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/356070"
            },
            {
              "name": "13480",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/13480"
            },
            {
              "name": "16084",
              "refsource": "OSVDB",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.osvdb.org/16084"
            },
            {
              "name": "15227",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/15227"
            },
            {
              "name": "TA05-136A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
            },
            {
              "name": "ADV-2005-0455",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2005/0455"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2011-03-08T02:21Z",
      "publishedDate": "2005-05-04T04:00Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2005-1342 (GCVE-0-2005-1342)

FKIE_CVE-2005-1342

GHSA-G2F6-93C5-WQ6V

VAR-200505-0310

GSD-2005-1342

Tags

Sightings

Nomenclature