CVE-2005-3757

Name of the Vulnerable Software and Affected Versions Google Mini Search Appliance (affected versions not specified) Google Search Appliance (affected versions not specified)

Description The issue allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in the select attribute of xsl:value-of tags in XSLT style sheets. Specifically, methods such as system-property, sys:getProperty, and run:exec are vulnerable.

Recommendations For Google Mini Search Appliance, restrict access to the XSLT parser to minimize the risk of exploitation. For Google Search Appliance, avoid using the vulnerable Java class methods in XSLT style sheets until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.