CVE-2005-1365 - Vulnerability Details - OpenCVE

Pico Server (pServ) 3.2 and earlier allows remote attackers to execute arbitrary commands via a URL with multiple leading "/" (slash) characters and ".." sequences.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pico Server	Pico Server

Configuration 1 [-]

OR	cpe:2.3:a:pico_server:pico_server:3.0:::::::*
	cpe:2.3:a:pico_server:pico_server:3.0_beta_3:::::::*
	cpe:2.3:a:pico_server:pico_server:3.1:::::::*
	cpe:2.3:a:pico_server:pico_server:3.2:::::::*

No data.

References

Link	Providers
http://marc.info/?l=full-disclosure&m=111625635716712&w=2
http://sourceforge.net/project/shownotes.php?release_id=327708
http://www.redteam-pentesting.de/advisories/rt-sa-2005-010.txt
http://www.securityfocus.com/bid/13642

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-05-16T04:00:00

Updated: 2024-08-07T21:44:06.471Z

Reserved: 2005-05-02T00:00:00

Link: CVE-2005-1365

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2005-05-16T04:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2005-1365

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-05-16T00:00:00", "descriptions": [{"lang": "en", "value": "Pico Server (pServ) 3.2 and earlier allows remote attackers to execute arbitrary commands via a URL with multiple leading \"/\" (slash) characters and \"..\" sequences."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20050516 Advisory: Pico Server (pServ) Remote Command Injection", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://marc.info/?l=full-disclosure&m=111625635716712&w=2"}, {"tags": ["x_refsource_MISC"], "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-010.txt"}, {"name": "13642", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/13642"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=327708"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1365", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Pico Server (pServ) 3.2 and earlier allows remote attackers to execute arbitrary commands via a URL with multiple leading \"/\" (slash) characters and \"..\" sequences."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20050516 Advisory: Pico Server (pServ) Remote Command Injection", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure&m=111625635716712&w=2"}, {"name": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-010.txt", "refsource": "MISC", "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-010.txt"}, {"name": "13642", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13642"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=327708", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=327708"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T21:44:06.471Z"}, "title": "CVE Program Container", "references": [{"name": "20050516 Advisory: Pico Server (pServ) Remote Command Injection", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://marc.info/?l=full-disclosure&m=111625635716712&w=2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-010.txt"}, {"name": "13642", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/13642"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=327708"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1365", "datePublished": "2005-05-16T04:00:00", "dateReserved": "2005-05-02T00:00:00", "dateUpdated": "2024-08-07T21:44:06.471Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pico_server:pico_server:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E17AFBCF-30CD-4628-B45E-AC7868029B0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:pico_server:pico_server:3.0_beta_3:*:*:*:*:*:*:*", "matchCriteriaId": "FE287C32-79D5-41C4-9DFD-A048577BBA7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:pico_server:pico_server:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "2187189B-15D7-4DB8-88C4-7C05F288BCC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pico_server:pico_server:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "6F66A504-6100-4B59-9EBB-CE64520B1760", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Pico Server (pServ) 3.2 and earlier allows remote attackers to execute arbitrary commands via a URL with multiple leading \"/\" (slash) characters and \"..\" sequences."}], "id": "CVE-2005-1365", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-05-16T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=full-disclosure&m=111625635716712&w=2"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=327708"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-010.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/13642"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure&m=111625635716712&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=327708"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-010.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/13642"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}