Lucene search

[email protected]CVE-2006-6987

HistoryFeb 09, 2007 - 1:28 a.m.

CVE-2006-6987

2007-02-0901:28:00

[email protected]

web.nvd.nist.gov

cve

2006

6987

cross-domain vulnerability

finebrowser

freeware

remote attackers

object tag

data parameter

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.935 High

EPSS

Percentile

99.1%

JSON

Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker’s originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.

Affected configurations

NVD

Node

softinformfinebrowserMatchfreeware_3.2.2

CPENameOperatorVersion
softinform:finebrowsersoftinform finebrowsereqfreeware_3.2.2

CPE	Name	Operator	Version
softinform:finebrowser	softinform finebrowser	eq	freeware_3.2.2

References

pridels0.blogspot.com/2006/06/multiple-browsers-information.html

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.935 High

EPSS

Percentile

99.1%

JSON

Related for CVE-2006-6987

nvd11 cvelist11 cert1 checkpoint_advisories1 cve10 securityvulns2 nessus1