CVE-2005-4857

Published: Dec 31, 2005Modified: Apr 16, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".

Affected (16)

Products: Ez: Ez Publish

1 product

Ez Publish

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Ez Ez Publish	Up to 3.8.0
Ez Ez Publish	Version 3.5.0
Ez Ez Publish	Version 3.5.1
Ez Ez Publish	Version 3.5.2
Ez Ez Publish	Version 3.5.3
Ez Ez Publish	Version 3.5.4
Ez Ez Publish	Version 3.5.5
Ez Ez Publish	Version 3.5.6
Ez Ez Publish	Version 3.6.0
Ez Ez Publish	Version 3.6.1
Ez Ez Publish	Version 3.6.2
Ez Ez Publish	Version 3.6.3
Ez Ez Publish	Version 3.6.4
Ez Ez Publish	Version 3.7.0
Ez Ez Publish	Version 3.7.1
Ez Ez Publish	Version 3.7.2

Related CWEs

CWE-399

References (4)

http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0

Source: cve@mitre.org

http://issues.ez.no/7459

Source: cve@mitre.org

http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0

Source: af854a3a-2127-422b-91ae-364da2661108

http://issues.ez.no/7459

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.