Lucene search

MitreCVE-2006-3557

HistoryJul 13, 2006 - 12:05 a.m.

CVE-2006-3557

2006-07-1300:05:00

mitre

web.nvd.nist.gov

cve-2006-3557

mt orumcek toplist 2.2

data breach

web security

access control

remote attack

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.005

Percentile

76.2%

JSON

MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.

Affected configurations

Nvd

Node

mt_orumcekmt_orumcek_toplistMatch2.2

VendorProductVersionCPE
mt_orumcekmt_orumcek_toplist2.2cpe:2.3:a:mt_orumcek:mt_orumcek_toplist:2.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mt_orumcek	mt_orumcek_toplist	2.2	cpe:2.3:a:mt_orumcek:mt_orumcek_toplist:2.2:::::::*

References

securityreason.com/securityalert/1235

www.securityfocus.com/archive/1/439611/100/0/threaded

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.005

Percentile

76.2%

JSON

Related for CVE-2006-3557