CVE-2005-0269

The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/12149
http://secunia.com/advisories/13711
http://marc.info/?l=bugtraq&m=110477648219738&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/18729

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sir:gnuboard:3.30:::::::*
	cpe:2.3:a:sir:gnuboard:3.38:::::::*
	cpe:2.3:a:sir:gnuboard:3.39:::::::*
	cpe:2.3:a:sir:gnuboard:3.36:::::::*
	cpe:2.3:a:sir:gnuboard:3.37:::::::*
	cpe:2.3:a:sir:gnuboard:3.33:::::::*
	cpe:2.3:a:sir:gnuboard:3.34:::::::*
	cpe:2.3:a:sir:gnuboard:3.35:::::::*
	cpe:2.3:a:sir:gnuboard:3.31:::::::*
	cpe:2.3:a:sir:gnuboard:3.32:::::::*
	cpe:2.3:a:sir:gnuboard:3.40:::::::*

Information

Published : 2005-05-02 04:00

Updated : 2017-07-11 01:32

NVD link : CVE-2005-0269

Mitre link : CVE-2005-0269

JSON object : View

Products Affected

sir

gnuboard

CWE

NVD-CWE-Other

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/12149", "name": "12149", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/13711", "name": "13711", "tags": [], "refsource": "SECUNIA"}, {"url": "http://marc.info/?l=bugtraq&m=110477648219738&w=2", "name": "20050103 STG Security Advisory: [SSA-20041224-21] File extensions", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18729", "name": "gnuboard-gbupdate-file-upload(18729)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-0269", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-05-02T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sir:gnuboard:3.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sir:gnuboard:3.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sir:gnuboard:3.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sir:gnuboard:3.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sir:gnuboard:3.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sir:gnuboard:3.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sir:gnuboard:3.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sir:gnuboard:3.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sir:gnuboard:3.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sir:gnuboard:3.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sir:gnuboard:3.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:32Z"}