CVE-2006-5859

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.adobe.com/support/security/bulletins/apsb07-03.html
http://www.securityfocus.com/bid/22544
http://www.securitytracker.com/id?1017644
http://secunia.com/advisories/24115
http://osvdb.org/32121
http://www.vupen.com/english/advisories/2007/0592

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:adobe:coldfusion:7.0:::::::*
	cpe:2.3:a:adobe:coldfusion:7.0.1:::::::*

Information

Published : 2007-02-13 17:28

Updated : 2011-03-07 18:43

NVD link : CVE-2006-5859

Mitre link : CVE-2006-5859

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

adobe

coldfusion

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.adobe.com/support/security/bulletins/apsb07-03.html", "name": "http://www.adobe.com/support/security/bulletins/apsb07-03.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/22544", "name": "22544", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1017644", "name": "1017644", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/24115", "name": "24115", "tags": [], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/32121", "name": "32121", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2007/0592", "name": "ADV-2007-0592", "tags": [], "refsource": "VUPEN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-5859", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2007-02-14T01:28Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:coldfusion:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:coldfusion:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-03-08T02:43Z"}

4.3 /10