Lucene search

[email protected]CVE-2006-6477

HistoryDec 20, 2006 - 2:28 a.m.

CVE-2006-6477

2006-12-2002:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

mandiant first response

mfr

fragent.exe

http

vulnerability

mitm

cve-2006-6477

6.4 Medium

AI Score

Confidence

Low

2.4 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:S/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

9.1%

JSON

FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and configured to use only HTTP, allows local users to modify requests and responses between a client and an agent by hijacking an HTTP FRAgent daemon and conducting a man-in-the-middle (MITM) attack.

CPENameOperatorVersion
mandiant:first_responsemandiant first responsele1.1

CPE	Name	Operator	Version
mandiant:first_response	mandiant first response	le	1.1

References

secunia.com/advisories/23393

securityreason.com/securityalert/2052

securitytracker.com/id?1017394

www.mandiant.com/firstresponse.htm

www.securityfocus.com/archive/1/454712/100/0/threaded

www.securityfocus.com/bid/21548

www.symantec.com/enterprise/research/SYMSA-2006-013.txt

www.vupen.com/english/advisories/2006/5061

6.4 Medium

AI Score

Confidence

Low

2.4 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:S/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2006-6477

cvelist1 securityvulns1 nessus1 kaspersky1