CVE-2005-3430

critical

Description

Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as (1) .unk, (2) .asa, and possibly (3) .htr and (4) .aspx, which are not filtered like the .asp extension.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/22907

http://www.securityfocus.com/bid/15230

http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf

http://securitytracker.com/id?1015117

http://secunia.com/advisories/17240/

http://marc.info/?l=bugtraq&m=113053680631151&w=2

http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0578.html

Details

Source: Mitre, NVD

Published: 2005-11-02

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.012