Lucene search

[email protected]CVE-2006-2925

HistoryJun 09, 2006 - 10:02 a.m.

CVE-2006-2925

2006-06-0910:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-2925

cross-site scripting

xss

ingate firewall

siparator

web interface

security vulnerability

6.4 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

74.0%

JSON

Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to “XSS exploits” in administrator functionality.

CPENameOperatorVersion
ingate:siparatoringate siparatorle4.3.4
ingate:siparatoringate siparatoreq4.3.1
ingate:ingate_firewallingate ingate firewallle4.3.4
ingate:ingate_firewallingate ingate firewalleq4.3.1

CPE	Name	Operator	Version
ingate:siparator	ingate siparator	le	4.3.4
ingate:siparator	ingate siparator	eq	4.3.1
ingate:ingate_firewall	ingate ingate firewall	le	4.3.4
ingate:ingate_firewall	ingate ingate firewall	eq	4.3.1

References

secunia.com/advisories/20479

securitytracker.com/id?1016244

securitytracker.com/id?1016245

www.ingate.com/relnote-441.php

www.vupen.com/english/advisories/2006/2183

exchange.xforce.ibmcloud.com/vulnerabilities/26978

6.4 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

74.0%

JSON

Related for CVE-2006-2925

cvelist1 prion1