CVE-2006-5835

The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdf	Exploit Vendor Advisory
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21248026	Patch
http://www.securityfocus.com/bid/20960
http://secunia.com/advisories/22741	Patch Vendor Advisory
http://securitytracker.com/id?1017203
http://www.vupen.com/english/advisories/2006/4411
https://exchange.xforce.ibmcloud.com/vulnerabilities/30118

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:lotus_notes:5.0.3:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.0:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.0.1:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.5.2:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.5.3:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.0.2:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.0.3:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.5.4:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.5.5:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.0.4:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.0.5:::::::*
	cpe:2.3:a:ibm:lotus_notes:5.0.12:::::::*
	cpe:2.3:a:ibm:lotus_notes:7.0:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.5.1:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.5:::::::*
	cpe:2.3:a:ibm:lotus_notes:7.0.1:::::::*

Information

Published : 2006-11-09 17:07

Updated : 2017-07-19 18:34

NVD link : CVE-2006-5835

Mitre link : CVE-2006-5835

JSON object : View

CWE

NVD-CWE-Other

Products Affected

ibm

lotus_notes

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdf", "name": "http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdf", "tags": ["Exploit", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21248026", "name": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21248026", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/20960", "name": "20960", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/22741", "name": "22741", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securitytracker.com/id?1017203", "name": "1017203", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2006/4411", "name": "ADV-2006-4411", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30118", "name": "lotusnotes-nrpc-information-disclosure(30118)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-5835", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-11-10T01:07Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:5.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:6.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:6.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:6.5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:6.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:6.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:5.0.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:lotus_notes:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:34Z"}

5.0 /10