CVE-2005-4852

Name of the Vulnerable Software and Affected Versions: eZ publish versions 3.5 through 3.8 before 20050812

Description: The issue concerns the siteaccess URIMatching implementation, which converts non-alphanumeric characters in a URI to underscores. This allows remote attackers to bypass access restrictions by inserting specific characters into a URI. For example, a request for /admin:de can match a rule intended only for /admin de, thereby accessing /admin.

Recommendations: For eZ publish versions 3.5 through 3.8 before 20050812, update to a version released after 20050812 to resolve the issue.