Lucene search

[email protected]CVE-2006-3903

HistoryJul 27, 2006 - 10:04 p.m.

CVE-2006-3903

2006-07-2722:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-3903

crlf injection

mybloggie

session hijacking

xss

nvd

6.6 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.009 Low

EPSS

Percentile

82.9%

JSON

CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie.

CPENameOperatorVersion
mywebland:mybloggiemywebland mybloggieeq2.1.3_beta
mywebland:mybloggiemywebland mybloggieeq2.1.3

CPE	Name	Operator	Version
mywebland:mybloggie	mywebland mybloggie	eq	2.1.3_beta
mywebland:mybloggie	mywebland mybloggie	eq	2.1.3

References

lists.grok.org.uk/pipermail/full-disclosure/2006-May/046094.html

marc.info/?l=bugtraq&m=114791192612460&w=2

www.osvdb.org/displayvuln.php?osvdb_id=26557

www.osvdb.org/displayvuln.php?osvdb_id=26558

www.securityfocus.com/archive/1/441356/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/26484

6.6 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.009 Low

EPSS

Percentile

82.9%

JSON

Related for CVE-2006-3903

cvelist1