Lucene search

[email protected]CVE-2006-6136

HistoryNov 28, 2006 - 2:07 a.m.

CVE-2006-6136

2006-11-2802:07:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

ibm

websphere

application server

eal4

authentication

vulnerability

7.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

72.9%

JSON

IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) does not perform EAL4 authentication checks at the proper time during “registering of response operation,” which has unknown impact and attack vectors.

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application servereq6.1.0

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0

References

secunia.com/advisories/23028

www-1.ibm.com/support/docview.wss?rs=180&uid=swg24013830

www-1.ibm.com/support/docview.wss?uid=swg27007951

www-1.ibm.com/support/search.wss?rs=0&q=PK29847&apar=only

www.securityfocus.com/bid/21204

www.vupen.com/english/advisories/2006/4639

7.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

72.9%

JSON