CVE-2006-0917

Melange Chat Server (aka M-Chat), when accessed via a web browser, automatically sends cookies and other sensitive information for a server to any port specified in the associated link, which allows local users on that server to read the cookies from HTTP headers and possibly gain sensitive information, such as credentials, by setting up a listening port and reading the credentials when the victim clicks on the link.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.oh2600.com/forum/viewtopic.php?t=43
http://www.securityfocus.com/bid/16747
http://secunia.com/advisories/18984	Vendor Advisory
http://securityreason.com/securityalert/463
https://exchange.xforce.ibmcloud.com/vulnerabilities/24868
http://www.securityfocus.com/archive/1/425589/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:melange:melange_chat_system:1.10:*:*:*:*:*:*:*

Information

Published : 2006-02-28 03:02

Updated : 2018-10-18 09:29

NVD link : CVE-2006-0917

Mitre link : CVE-2006-0917

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

melange

melange_chat_system

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.oh2600.com/forum/viewtopic.php?t=43", "name": "http://www.oh2600.com/forum/viewtopic.php?t=43", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/16747", "name": "16747", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/18984", "name": "18984", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securityreason.com/securityalert/463", "name": "463", "tags": [], "refsource": "SREASON"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24868", "name": "melange-chat-command-information-disclosure(24868)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/425589/100/0/threaded", "name": "20060221 grab cookie information with Melange Chat Server 1.10", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Melange Chat Server (aka M-Chat), when accessed via a web browser, automatically sends cookies and other sensitive information for a server to any port specified in the associated link, which allows local users on that server to read the cookies from HTTP headers and possibly gain sensitive information, such as credentials, by setting up a listening port and reading the credentials when the victim clicks on the link."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-0917", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-02-28T11:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:melange:melange_chat_system:1.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:29Z"}