Lucene search

[email protected]CVE-2006-2047

HistoryApr 26, 2006 - 8:06 p.m.

CVE-2006-2047

2006-04-2620:06:00

[email protected]

web.nvd.nist.gov

cve-2006-2047

information security

remote attackers

sensitive information

sql injection

error messages

data disclosure

application vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.3%

JSON

Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows remote attackers to obtain sensitive information via an invalid (1) secondary, (2) PageNum_Results, (3) category, or (4) keywords parameter in (a) Results.cfm; or an invalid (5) ProdID parameter in (b) Details.cfm; which reveal the path in various error messages. NOTE: the behavior for the category, keywords, and ProdID parameters might be resultant from SQL injection.

Affected configurations

NVD

Node

application_dynamicscartweaver_coldfusionMatch2.16.11

CPENameOperatorVersion
application_dynamics:cartweaver_coldfusionapplication dynamics cartweaver coldfusioneq2.16.11

CPE	Name	Operator	Version
application_dynamics:cartweaver_coldfusion	application dynamics cartweaver coldfusion	eq	2.16.11

References

pridels0.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html

secunia.com/advisories/19812

www.osvdb.org/24963

www.osvdb.org/24964

www.vupen.com/english/advisories/2006/1513

exchange.xforce.ibmcloud.com/vulnerabilities/26061

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.3%

JSON

Related for CVE-2006-2047

prion1 cvelist1 nvd1