CVE-2005-3757

Google Mini Search Appliance - RCE

Description

The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in the select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · webapps · hardware
https://www.exploit-db.com/exploits/16907
exploitdb WORKING POC VERIFIED
by H D Moore · remote · hardware
https://www.exploit-db.com/exploits/1333
metasploit WORKING POC EXCELLENT
by hdm · ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/google_proxystylesheet_exec.rb

Scores

EPSS 0.7575
EPSS Percentile 98.9%

Details

Status published
Products (2)
google/mini_search_appliance
google/search_appliance
Published Nov 22, 2005
Tracked Since Feb 18, 2026