Lucene search

[email protected]CVE-2006-2676

HistoryMay 31, 2006 - 10:06 a.m.

CVE-2006-2676

2006-05-3110:06:00

[email protected]

web.nvd.nist.gov

cve

2006

2676

dispatch.cgi

sitescape forum

remote attackers

user enumeration

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.4%

JSON

Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly earlier generates different responses in a way that allows remote attackers to enumerate valid usernames.

Affected configurations

NVD

Node

sitescapesitescape_forumMatch7.2

CPENameOperatorVersion
sitescape:sitescape_forumsitescape sitescape forumeq7.2

CPE	Name	Operator	Version
sitescape:sitescape_forum	sitescape sitescape forum	eq	7.2

References

secunia.com/advisories/20266

www.uniras.gov.uk/niscc/docs/br-20060525-00374.html?lang=en

exchange.xforce.ibmcloud.com/vulnerabilities/26672

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.4%

JSON

Related for CVE-2006-2676

prion1 nvd1 cvelist1