Lucene search

[email protected]CVE-2006-1644

HistoryApr 06, 2006 - 10:04 a.m.

CVE-2006-1644

2006-04-0610:04:00

[email protected]

web.nvd.nist.gov

cve-2006-1644

interact 2.1.1

information security

remote attackers

username validation

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.2%

JSON

login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

NVD

Node

interactinteractRange≤2.1.1

interactinteractMatch1.8.7

interactinteractMatch1.9

interactinteractMatch1.9.1

interactinteractMatch2.0

interactinteractMatch2.1

CPENameOperatorVersion
interact:interactinteractle2.1.1
interact:interactinteracteq1.8.7
interact:interactinteracteq1.9
interact:interactinteracteq1.9.1
interact:interactinteracteq2.0
interact:interactinteracteq2.1

CPE	Name	Operator	Version
interact:interact	interact	le	2.1.1
interact:interact	interact	eq	1.8.7
interact:interact	interact	eq	1.9
interact:interact	interact	eq	1.9.1
interact:interact	interact	eq	2.0
interact:interact	interact	eq	2.1

References

secunia.com/advisories/19488

www.osvdb.org/24388

www.vupen.com/english/advisories/2006/1244

exchange.xforce.ibmcloud.com/vulnerabilities/25651

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.2%

JSON

Related for CVE-2006-1644

nvd1 prion1 cvelist1