Lucene search

PRIOn knowledge basePRION:CVE-2006-2481

HistoryJul 31, 2006 - 7:04 p.m.

Cross site scripting

2006-07-3119:04:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.013 Low

EPSS

Percentile

85.7%

JSON

VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619).

CPENameOperatorVersion
esxeq2.0
esxeq2.0.1
esxeq2.1.2
esxeq2.5
esxeq2.5.2
esxeq2.1.1
esxeq2.1

Name	Operator	Version
esx	eq	2.0
esx	eq	2.0.1
esx	eq	2.1.2
esx	eq	2.5
esx	eq	2.5.2
esx	eq	2.1.1
esx	eq	2.1

References

kb.vmware.com/kb/2118366

secunia.com/advisories/21230

www.corsaire.com/advisories/c060512-001.txt

www.securityfocus.com/archive/1/441728/100/100/threaded

www.securityfocus.com/archive/1/441825/100/100/threaded

www.securityfocus.com/bid/19249

www.vupen.com/english/advisories/2006/3075

6.5 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.013 Low

EPSS

Percentile

85.7%

JSON

Related for PRION:CVE-2006-2481