CVE-2006-0993

The web management interface in 3Com TippingPoint SMS Server before 2.2.1.4478 does not restrict access to certain directories, which might allow remote attackers to obtain potentially sensitive information such as configuration settings.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/20058
http://securityreason.com/securityalert/870
http://securitytracker.com/id?1016051
http://www.3com.com/securityalert/alerts/3COM-06-002.html
http://www.osvdb.org/25360
http://www.securityfocus.com/archive/1/433432/100/0/threaded
http://www.securityfocus.com/bid/17935
http://www.vupen.com/english/advisories/2006/1752
http://www.zerodayinitiative.com/advisories/ZDI-06-013.html	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26338

Configurations

Configuration 1 (hide)

cpe:2.3:h:3com:tippingpoint_sms_server:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-05-10 02:22

Updated : 2018-10-18 16:30

NVD link : CVE-2006-0993

Mitre link : CVE-2006-0993

CVE.ORG link : CVE-2006-0993

JSON object : View

Products Affected

3com

tippingpoint_sms_server

CWE

NVD-CWE-Other

{"id": "CVE-2006-0993", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-05-10T02:22:00.000", "references": [{"url": "http://secunia.com/advisories/20058", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/870", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1016051", "source": "cve@mitre.org"}, {"url": "http://www.3com.com/securityalert/alerts/3COM-06-002.html", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/25360", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/433432/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/17935", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/1752", "source": "cve@mitre.org"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-013.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26338", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The web management interface in 3Com TippingPoint SMS Server before 2.2.1.4478 does not restrict access to certain directories, which might allow remote attackers to obtain potentially sensitive information such as configuration settings."}], "lastModified": "2018-10-18T16:30:08.227", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:3com:tippingpoint_sms_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8386EA42-F932-4562-A9AD-327BE51E2516", "versionEndIncluding": "2.2.1.4477"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "Upgrade to 3Com TippingPoint SMS Server version 2.2.1.4478"}