Lucene search

[email protected]CVE-2006-2318

HistoryMay 12, 2006 - 12:02 a.m.

CVE-2006-2318

2006-05-1200:02:00

[email protected]

web.nvd.nist.gov

cve-2006-2318

incomplete blacklist vulnerability

ideal science ideal bb

remote attackers

asp script

extension bypass

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.063 Low

EPSS

Percentile

93.7%

JSON

Incomplete blacklist vulnerability in Ideal Science Ideal BB 1.5.4a and earlier allows remote attackers to upload and execute an ASP script via a “.asa” file, which bypasses the check for the “.asp” extension but is executable on the server.

Affected configurations

NVD

Node

ideal_scienceidealbbMatch1.4.9

ideal_scienceidealbbMatch1.4.9_beta

ideal_scienceidealbbMatch1.4.9a

ideal_scienceidealbbMatch1.5.0_beta1

ideal_scienceidealbbMatch1.5.0_beta2

ideal_scienceidealbbMatch1.5.0_beta3

ideal_scienceidealbbMatch1.5.0_beta4

ideal_scienceidealbbMatch1.5.0_rc1

ideal_scienceidealbbMatch1.5.1

ideal_scienceidealbbMatch1.5.2

ideal_scienceidealbbMatch1.5.2a

ideal_scienceidealbbMatch1.5.2b

ideal_scienceidealbbMatch1.5.2c

ideal_scienceidealbbMatch1.5.3

ideal_scienceidealbbMatch1.5.3_beta1

ideal_scienceidealbbMatch1.5.3_beta2

ideal_scienceidealbbMatch1.5.3a

ideal_scienceidealbbMatch1.5.3b

ideal_scienceidealbbMatch1.5.4a

ideal_scienceidealbbMatch1.5_beta1

ideal_scienceidealbbMatch1.5_beta2

ideal_scienceidealbbMatch1.5_beta3

ideal_scienceidealbbMatch1.5_beta4

ideal_scienceidealbbMatch1.5_beta5

ideal_scienceidealbbMatch1.5_rc1

CPENameOperatorVersion
ideal_science:idealbbideal science idealbbeq1.4.9
ideal_science:idealbbideal science idealbbeq1.4.9_beta
ideal_science:idealbbideal science idealbbeq1.4.9a
ideal_science:idealbbideal science idealbbeq1.5.0_beta1
ideal_science:idealbbideal science idealbbeq1.5.0_beta2
ideal_science:idealbbideal science idealbbeq1.5.0_beta3
ideal_science:idealbbideal science idealbbeq1.5.0_beta4
ideal_science:idealbbideal science idealbbeq1.5.0_rc1
ideal_science:idealbbideal science idealbbeq1.5.1
ideal_science:idealbbideal science idealbbeq1.5.2

CPE	Name	Operator	Version
ideal_science:idealbb	ideal science idealbb	eq	1.4.9
ideal_science:idealbb	ideal science idealbb	eq	1.4.9_beta
ideal_science:idealbb	ideal science idealbb	eq	1.4.9a
ideal_science:idealbb	ideal science idealbb	eq	1.5.0_beta1
ideal_science:idealbb	ideal science idealbb	eq	1.5.0_beta2
ideal_science:idealbb	ideal science idealbb	eq	1.5.0_beta3
ideal_science:idealbb	ideal science idealbb	eq	1.5.0_beta4
ideal_science:idealbb	ideal science idealbb	eq	1.5.0_rc1
ideal_science:idealbb	ideal science idealbb	eq	1.5.1
ideal_science:idealbb	ideal science idealbb	eq	1.5.2

Rows per page:

1-10 of 251

References

lists.grok.org.uk/pipermail/full-disclosure/2006-May/045887.html

secunia.com/advisories/20035

securityreason.com/securityalert/871

www.idealscience.com/ibb/posts.aspx?postID=24415

www.osvdb.org/25456

www.securityfocus.com/archive/1/433248/100/0/threaded

www.securityfocus.com/bid/17920

www.vupen.com/english/advisories/2006/1729

exchange.xforce.ibmcloud.com/vulnerabilities/26353

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.063 Low

EPSS

Percentile

93.7%

JSON

Related for CVE-2006-2318

prion1 cvelist1 nvd1 nessus1