Lucene search

FlexeraCVE-2006-2311

HistoryJun 26, 2006 - 10:06 a.m.

CVE-2006-2311

2006-06-2610:06:00

flexera

web.nvd.nist.gov

cve-2006-2311

cross-site scripting

xss

bluedragon server

server jx

vulnerability

nvd

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

68.9%

JSON

Cross-site scripting (XSS) vulnerability in BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to inject arbitrary web script or HTML via the filename in a request to a (1) .cfm or (2) .cfml file, which reflects the result in the default error page.

Affected configurations

Nvd

Node

new_atlanta_communicationsbluedragon_serverMatch6.2.1.286windows

new_atlanta_communicationsbluedragon_server_jxMatch6.2.1.286windows

VendorProductVersionCPE
new_atlanta_communicationsbluedragon_server6.2.1.286cpe:2.3:a:new_atlanta_communications:bluedragon_server:6.2.1.286:*:windows:*:*:*:*:*
new_atlanta_communicationsbluedragon_server_jx6.2.1.286cpe:2.3:a:new_atlanta_communications:bluedragon_server_jx:6.2.1.286:*:windows:*:*:*:*:*

Vendor	Product	Version	CPE
new_atlanta_communications	bluedragon_server	6.2.1.286	cpe:2.3:a:new_atlanta_communications:bluedragon_server:6.2.1.286::windows:::::
new_atlanta_communications	bluedragon_server_jx	6.2.1.286	cpe:2.3:a:new_atlanta_communications:bluedragon_server_jx:6.2.1.286::windows:::::

References

secunia.com/advisories/19180

secunia.com/secunia_research/2006-18/advisory

www.securityfocus.com/bid/18623

www.vupen.com/english/advisories/2006/2502

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

68.9%

JSON

Related for CVE-2006-2311