Lucene search

MitreCVE-2006-2318

HistoryMay 12, 2006 - 12:02 a.m.

CVE-2006-2318

2006-05-1200:02:00

mitre

web.nvd.nist.gov

cve-2006-2318

incomplete blacklist vulnerability

ideal science ideal bb

remote attackers

asp script

extension bypass

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.005

Percentile

77.2%

JSON

Incomplete blacklist vulnerability in Ideal Science Ideal BB 1.5.4a and earlier allows remote attackers to upload and execute an ASP script via a “.asa” file, which bypasses the check for the “.asp” extension but is executable on the server.

Affected configurations

Nvd

Node

ideal_scienceidealbbMatch1.4.9

ideal_scienceidealbbMatch1.4.9_beta

ideal_scienceidealbbMatch1.4.9a

ideal_scienceidealbbMatch1.5.0_beta1

ideal_scienceidealbbMatch1.5.0_beta2

ideal_scienceidealbbMatch1.5.0_beta3

ideal_scienceidealbbMatch1.5.0_beta4

ideal_scienceidealbbMatch1.5.0_rc1

ideal_scienceidealbbMatch1.5.1

ideal_scienceidealbbMatch1.5.2

ideal_scienceidealbbMatch1.5.2a

ideal_scienceidealbbMatch1.5.2b

ideal_scienceidealbbMatch1.5.2c

ideal_scienceidealbbMatch1.5.3

ideal_scienceidealbbMatch1.5.3_beta1

ideal_scienceidealbbMatch1.5.3_beta2

ideal_scienceidealbbMatch1.5.3a

ideal_scienceidealbbMatch1.5.3b

ideal_scienceidealbbMatch1.5.4a

ideal_scienceidealbbMatch1.5_beta1

ideal_scienceidealbbMatch1.5_beta2

ideal_scienceidealbbMatch1.5_beta3

ideal_scienceidealbbMatch1.5_beta4

ideal_scienceidealbbMatch1.5_beta5

ideal_scienceidealbbMatch1.5_rc1

VendorProductVersionCPE
ideal_scienceidealbb1.4.9cpe:2.3:a:ideal_science:idealbb:1.4.9:*:*:*:*:*:*:*
ideal_scienceidealbb1.4.9_betacpe:2.3:a:ideal_science:idealbb:1.4.9_beta:*:*:*:*:*:*:*
ideal_scienceidealbb1.4.9acpe:2.3:a:ideal_science:idealbb:1.4.9a:*:*:*:*:*:*:*
ideal_scienceidealbb1.5.0_beta1cpe:2.3:a:ideal_science:idealbb:1.5.0_beta1:*:*:*:*:*:*:*
ideal_scienceidealbb1.5.0_beta2cpe:2.3:a:ideal_science:idealbb:1.5.0_beta2:*:*:*:*:*:*:*
ideal_scienceidealbb1.5.0_beta3cpe:2.3:a:ideal_science:idealbb:1.5.0_beta3:*:*:*:*:*:*:*
ideal_scienceidealbb1.5.0_beta4cpe:2.3:a:ideal_science:idealbb:1.5.0_beta4:*:*:*:*:*:*:*
ideal_scienceidealbb1.5.0_rc1cpe:2.3:a:ideal_science:idealbb:1.5.0_rc1:*:*:*:*:*:*:*
ideal_scienceidealbb1.5.1cpe:2.3:a:ideal_science:idealbb:1.5.1:*:*:*:*:*:*:*
ideal_scienceidealbb1.5.2cpe:2.3:a:ideal_science:idealbb:1.5.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ideal_science	idealbb	1.4.9	cpe:2.3:a:ideal_science:idealbb:1.4.9:::::::*
ideal_science	idealbb	1.4.9_beta	cpe:2.3:a:ideal_science:idealbb:1.4.9_beta:::::::*
ideal_science	idealbb	1.4.9a	cpe:2.3:a:ideal_science:idealbb:1.4.9a:::::::*
ideal_science	idealbb	1.5.0_beta1	cpe:2.3:a:ideal_science:idealbb:1.5.0_beta1:::::::*
ideal_science	idealbb	1.5.0_beta2	cpe:2.3:a:ideal_science:idealbb:1.5.0_beta2:::::::*
ideal_science	idealbb	1.5.0_beta3	cpe:2.3:a:ideal_science:idealbb:1.5.0_beta3:::::::*
ideal_science	idealbb	1.5.0_beta4	cpe:2.3:a:ideal_science:idealbb:1.5.0_beta4:::::::*
ideal_science	idealbb	1.5.0_rc1	cpe:2.3:a:ideal_science:idealbb:1.5.0_rc1:::::::*
ideal_science	idealbb	1.5.1	cpe:2.3:a:ideal_science:idealbb:1.5.1:::::::*
ideal_science	idealbb	1.5.2	cpe:2.3:a:ideal_science:idealbb:1.5.2:::::::*

Rows per page:

1-10 of 251

References

lists.grok.org.uk/pipermail/full-disclosure/2006-May/045887.html

secunia.com/advisories/20035

securityreason.com/securityalert/871

www.idealscience.com/ibb/posts.aspx?postID=24415

www.osvdb.org/25456

www.securityfocus.com/archive/1/433248/100/0/threaded

www.securityfocus.com/bid/17920

www.vupen.com/english/advisories/2006/1729

exchange.xforce.ibmcloud.com/vulnerabilities/26353

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.005

Percentile

77.2%

JSON

Related for CVE-2006-2318