Lucene search

K
cve[email protected]CVE-2006-0153
HistoryJan 10, 2006 - 11:03 a.m.

CVE-2006-0153

2006-01-1011:03:00
web.nvd.nist.gov
109
cve-2006-0153
427bb
authentication
vulnerability
remote attackers

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.156

Percentile

95.9%

427BB 2.2 and 2.2.1 verifies authentication credentials based on the username, authenticated, and usertype cookies, which allows remote attackers to bypass authentication by using a valid username and usertype and setting the authenticated cookie.

Affected configurations

NVD
Node
427bbfourtwosevenbbMatch2.2
OR
427bbfourtwosevenbbMatch2.2.1
VendorProductVersionCPE
427bbfourtwosevenbb2.2.1cpe:/a:427bb:fourtwosevenbb:2.2.1:::
427bbfourtwosevenbb2.2cpe:/a:427bb:fourtwosevenbb:2.2:::

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.156

Percentile

95.9%