Lucene search

[email protected]CVE-2006-1785

HistoryApr 13, 2006 - 10:02 p.m.

CVE-2006-1785

2006-04-1322:02:00

[email protected]

web.nvd.nist.gov

adobe

document server

reader extensions 6.0

remote

web script

uri

readerurl

update download site

ads-readerext

cve-2006-1785

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

6.3 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.1%

JSON

Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the “Update Download Site” section of ads-readerext. NOTE: it is not clear whether the vendor advisory addresses this issue. In addition, since the issue requires administrative privileges to exploit, it is not clear whether this crosses security boundaries.

Affected configurations

NVD

Node

adobedocument_serverMatch6.0reader_extensions

CPENameOperatorVersion
adobe:document_serveradobe document servereq6.0

CPE	Name	Operator	Version
adobe:document_server	adobe document server	eq	6.0

References

secunia.com/advisories/15924

secunia.com/secunia_research/2005-68/advisory/

www.adobe.com/support/techdocs/322699.html

www.osvdb.org/24588

www.securityfocus.com/archive/1/430869/100/0/threaded

www.securityfocus.com/bid/17500

www.vupen.com/english/advisories/2006/1342

exchange.xforce.ibmcloud.com/vulnerabilities/25770

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

6.3 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.1%

JSON

Related for CVE-2006-1785

prion1 cvelist1 nvd1 nessus1