CVE-2005-1121

2005-05-0204:00:00

mitre

web.nvd.nist.gov

cve-2005-1121

oops! proxy server

format string vulnerability

arbitrary code execution

url

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.1

Confidence

Low

EPSS

0.002

Percentile

64.9%

JSON

Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL.

Affected configurations

Nvd

Node

igor_khasilevoops_proxy_serverMatch1.4.22

igor_khasilevoops_proxy_serverMatch1.5.19

igor_khasilevoops_proxy_serverMatch1.5.53

Node

gentoolinux

VendorProductVersionCPE
igor_khasilevoops_proxy_server1.4.22cpe:2.3:a:igor_khasilev:oops_proxy_server:1.4.22:*:*:*:*:*:*:*
igor_khasilevoops_proxy_server1.5.19cpe:2.3:a:igor_khasilev:oops_proxy_server:1.5.19:*:*:*:*:*:*:*
igor_khasilevoops_proxy_server1.5.53cpe:2.3:a:igor_khasilev:oops_proxy_server:1.5.53:*:*:*:*:*:*:*
gentoolinux*cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
igor_khasilev	oops_proxy_server	1.4.22	cpe:2.3:a:igor_khasilev:oops_proxy_server:1.4.22:::::::*
igor_khasilev	oops_proxy_server	1.5.19	cpe:2.3:a:igor_khasilev:oops_proxy_server:1.5.19:::::::*
igor_khasilev	oops_proxy_server	1.5.53	cpe:2.3:a:igor_khasilev:oops_proxy_server:1.5.53:::::::*
gentoo	linux	*	cpe:2.3:o:gentoo:linux::::::::