CVE-2006-4352

{"id": "CVE-2006-4352", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-08-25T10:04:00.000", "references": [{"url": "http://www.cisco.com/warp/public/117/AP_cookies.html", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/28121", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The ArrowPoint cookie functionality for Cisco 11000 series Content Service Switches specifies an internal IP address if the administrator does not specify a string option, which allows remote attackers to obtain sensitive information."}, {"lang": "es", "value": "La funcionalidad de cookies ArrowPoint para los Conmutadores de Servicio de Contenidos (Content Service Switches) Cisco serie 11000 especifica una direcci\u00f3n IP interna si el administrador no especifica una cadena de opci\u00f3n, lo que permite a atacantes remotos obtener informaci\u00f3n sensible."}], "lastModified": "2008-09-05T21:09:29.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:content_services_switch_11000:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98FC94DE-BBD2-43C6-9435-0242BA5DCC8C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}