Lucene search

[email protected]CVE-2006-2786

HistoryJun 02, 2006 - 8:02 p.m.

CVE-2006-2786

2006-06-0220:02:00

[email protected]

web.nvd.nist.gov

cve

2006

2786

http response

smuggling vulnerability

mozilla firefox

thunderbird

proxy servers

remote attackers

http headers

http 1.1

http 1.0

nvd

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

6.2 Medium

AI Score

Confidence

Low

0.123 Low

EPSS

Percentile

95.4%

JSON

HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client.

Affected configurations

NVD

Node

mozillafirefoxRange≤1.5.0.3

mozillathunderbirdRange≤1.5.0.3

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle1.5.0.3
mozilla:thunderbirdmozilla thunderbirdle1.5.0.3

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	1.5.0.3
mozilla:thunderbird	mozilla thunderbird	le	1.5.0.3

References

rhn.redhat.com/errata/RHSA-2006-0609.html

secunia.com/advisories/20376

secunia.com/advisories/20382

secunia.com/advisories/20561

secunia.com/advisories/20709

secunia.com/advisories/21134

secunia.com/advisories/21176

secunia.com/advisories/21178

secunia.com/advisories/21183

secunia.com/advisories/21188

secunia.com/advisories/21269

secunia.com/advisories/21270

secunia.com/advisories/21324

secunia.com/advisories/21336

secunia.com/advisories/21532

secunia.com/advisories/21631

secunia.com/advisories/22065

secunia.com/advisories/22066

securitytracker.com/id?1016202

securitytracker.com/id?1016214

www.debian.org/security/2006/dsa-1118

www.debian.org/security/2006/dsa-1120

www.debian.org/security/2006/dsa-1134

www.gentoo.org/security/en/glsa/glsa-200606-12.xml

www.gentoo.org/security/en/glsa/glsa-200606-21.xml

www.mandriva.com/security/advisories?name=MDKSA-2006:143

www.mandriva.com/security/advisories?name=MDKSA-2006:145

www.mozilla.org/security/announce/2006/mfsa2006-33.html

www.novell.com/linux/security/advisories/2006_35_mozilla.html

www.redhat.com/support/errata/RHSA-2006-0578.html

www.redhat.com/support/errata/RHSA-2006-0594.html

www.redhat.com/support/errata/RHSA-2006-0610.html

www.redhat.com/support/errata/RHSA-2006-0611.html

www.securityfocus.com/archive/1/435795/100/0/threaded

www.securityfocus.com/archive/1/446657/100/200/threaded

www.securityfocus.com/archive/1/446658/100/200/threaded

www.securityfocus.com/bid/18228

www.vupen.com/english/advisories/2006/2106

www.vupen.com/english/advisories/2006/3748

www.vupen.com/english/advisories/2006/3749

www.vupen.com/english/advisories/2008/0083

exchange.xforce.ibmcloud.com/vulnerabilities/26844

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9966

usn.ubuntu.com/296-1/

usn.ubuntu.com/296-2/

usn.ubuntu.com/297-1/

usn.ubuntu.com/323-1/

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

6.2 Medium

AI Score

Confidence

Low

0.123 Low

EPSS

Percentile

95.4%

JSON

Related for CVE-2006-2786

ubuntucve1 cvelist1 mozilla1 nvd1 debiancve1 prion1 openvas19 ubuntu5 nessus26 gentoo2 securityvulns2 redhat5 debian3 osv3 suse1 oraclelinux2 centos4