CVE-2005-0269
published 2005-05-02CVE-2005-0269: The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload…
PriorityP430critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.64%
83.7th percentile
The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sir | gnuboard | <= 3.40 | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
CWE
Improper Validation of Unsafe Equivalence in Input
mitre_cwe
CWE-1289 Improper Validation of Unsafe Equivalence in Input
CWE-1289: Improper Validation of Unsafe Equivalence in Input
The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate or incorrectly validates that the input is equivalent to a potentially-unsafe value.
Attackers can sometimes bypass input validation schemes by finding inputs that appear to be safe, but will be dangerous when processed at a lower layer or by a downstream component. For example, a simple XSS protection mechanism might try to validate that an input has no "" tags using case-sensitive matching, but since HTML is case-insensitive when processed by web browsers, an attacker could inject "" and trigger XSS.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Other. Impact: Varies by Co
CWE
Improper Handling of Case Sensitivity
mitre_cwe
CWE-178 Improper Handling of Case Sensitivity
CWE-178: Improper Handling of Case Sensitivity
The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.
Improperly handled case sensitive data can lead to several possible consequences, including: case-insensitive passwords reducing the size of the key space, making brute force attacks easier bypassing filters or access controls using alternate names multiple interpretation errors using alternate names.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Access Control. Impact: Bypass Protection Mechanism.
Potential Mitigations:
[Architecture and Design] Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate n
http://marc.info/?l=bugtraq&m=110477648219738&w=2http://secunia.com/advisories/13711http://www.securityfocus.com/bid/12149https://exchange.xforce.ibmcloud.com/vulnerabilities/18729http://marc.info/?l=bugtraq&m=110477648219738&w=2http://secunia.com/advisories/13711http://www.securityfocus.com/bid/12149https://exchange.xforce.ibmcloud.com/vulnerabilities/18729
2005-05-02
Published