CVE-2005-4857

Name of the Vulnerable Software and Affected Versions: eZ publish versions 3.5 through 3.5.6 eZ publish versions 3.6 through 3.6.4 eZ publish versions 3.7 through 3.7.2 eZ publish versions 3.8 before 20051128

Description: The issue allows remote authenticated users to cause a denial of service, resulting in an Apache httpd segmentation fault. This can be achieved by sending a request to the "content/advancedsearch.php" endpoint with an empty SearchContentClassID parameter. The problem is reportedly related to a memory addressing error.

Recommendations: For versions 3.5 through 3.5.6, update to version 3.5.7 or later. For versions 3.6 through 3.6.4, update to version 3.6.5 or later. For versions 3.7 through 3.7.2, update to version 3.7.3 or later. For versions 3.8 before 20051128, update to a version released on or after 20051128. As a temporary workaround, consider restricting access to the "content/advancedsearch.php" endpoint to minimize the risk of exploitation. Avoid using the SearchContentClassID parameter with an empty value in the affected endpoint until the issue is resolved.