Vulnerability Name:

CVE-2005-3424 (CCN-22902)

Assigned:2005-10-28
Published:2005-10-28
Updated:2011-03-08
Summary:Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425.
CVSS v3 Severity:4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Full-Disclosure Mailing List, Fri Oct 28 2005 - 04:50:27 CDT
New gnump3d packages fix several vulnerabilities

Source: MITRE
Type: CNA
CVE-2005-3424

Source: MLIST
Type: Patch
[Gnump3d-users] 20051028 New release - security fixes.

Source: CCN
Type: gnump3d Web site
Debian -- gnump3d

Source: CCN
Type: SA17351
GNUMP3d Cross-Site Scripting and Directory Traversal Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
17351

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-877

Source: DEBIAN
Type: DSA 877-1
gnump3d -- cross-site scripting, directory traversal

Source: DEBIAN
Type: DSA-877
gnump3d -- cross-site scripting

Source: CCN
Type: GLSA-200511-05
GNUMP3d: Directory traversal and XSS vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://www.gnu.org/software/gnump3d/ChangeLog

Source: SUSE
Type: UNKNOWN
SUSE-SR:2005:028

Source: OSVDB
Type: Patch
20359

Source: CCN
Type: OSVDB ID: 20359
GNUMP3d Error Page XSS

Source: CCN
Type: OSVDB ID: 20723
GNUMP3d Unspecified XSS

Source: BID
Type: UNKNOWN
15226

Source: CCN
Type: BID-15226
GNU gnump3d Error Page Cross-Site Scripting Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2005-2242

Source: XF
Type: UNKNOWN
gnump3d-404-error-xss(22902)

Source: SUSE
Type: SUSE-SR:2005:028
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gnu:gnump3d:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.5b:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.6:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.7:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.8:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.9:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.9.4:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:gnu:gnump3d:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.5b:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.6:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.7:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.8:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.9:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:gnump3d:2.9.4:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20053424 | V | CVE-2005-3424 | 2015-11-16
oval:org.debian:def:877 | V | cross-site scripting, directory traversal | 2005-10-28
    gnu gnump3d 2.0
    gnu gnump3d 2.1
    gnu gnump3d 2.2
    gnu gnump3d 2.3
    gnu gnump3d 2.4
    gnu gnump3d 2.5
    gnu gnump3d 2.5b
    gnu gnump3d 2.6
    gnu gnump3d 2.7
    gnu gnump3d 2.8
    gnu gnump3d 2.9
    gnu gnump3d 2.9.1
    gnu gnump3d 2.9.2
    gnu gnump3d 2.9.3
    gnu gnump3d 2.9.4
    gentoo linux *
    debian debian linux 3.1