PT-2005-5208 · Clearswift · Clearswift Mimesweeper For Web
Published
2005-12-28
·
Updated
2024-02-14
·
CVE-2005-4526
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) versions 4.0 through 5.1
Description
The issue allows remote attackers to bypass filtering via a URL that does not include a .exe extension but returns an executable file.
Recommendations
For versions 4.0 through 5.1, consider implementing additional filtering rules to inspect the content of files returned by URLs, regardless of the extension, to prevent the bypassing of filtering.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Clearswift Mimesweeper For Web