PT-2005-4140 · Snoopy · Snoopy

Bernhard Mueller

Published

2005-10-27

Updated

2017-07-11

CVE-2005-3330

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Snoopy version 1.2

Description The issue allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page. This is due to improper handling by the fetch function in the httpsrequest function.

Recommendations For Snoopy version 1.2, consider disabling the httpsrequest function until a patch is available to prevent exploitation. Restrict access to the fetch function to minimize the risk of arbitrary command execution. Avoid using HTTPS URLs with shell metacharacters in the affected function until the issue is resolved.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2005-3330

Affected Products

Snoopy

PT-2005-4140 · Snoopy · Snoopy

CVE-2005-3330

Weakness Enumeration

Related Identifiers

Affected Products

References · 19