Lucene search

MitreCVE-2006-3101

HistoryJun 21, 2006 - 1:02 a.m.

CVE-2006-3101

2006-06-2101:02:00

mitre

web.nvd.nist.gov

125

cve-2006-3101

cross-site scripting

xss

logonproxy.cgi

cisco

secure acs

unix

vulnerability

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.829

Percentile

98.4%

JSON

Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters.

Affected configurations

Nvd

Node

ciscosecure_access_control_serverMatch2.3unix

VendorProductVersionCPE
ciscosecure_access_control_server2.3cpe:2.3:a:cisco:secure_access_control_server:2.3:*:unix:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	secure_access_control_server	2.3	cpe:2.3:a:cisco:secure_access_control_server:2.3::unix:::::

References

secunia.com/advisories/20699

securityreason.com/securityalert/1116

securitytracker.com/id?1016317

www.cisco.com/en/US/products/sw/secursw/ps4911/tsd_products_security_response09186a00806b8bdb.html

www.osvdb.org/26531

www.securityfocus.com/archive/1/437441/100/0/threaded

www.securityfocus.com/archive/1/437480/100/0/threaded

www.securityfocus.com/bid/18449

www.vupen.com/english/advisories/2006/2384

exchange.xforce.ibmcloud.com/vulnerabilities/27166

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.829

Percentile

98.4%

JSON

Related for CVE-2006-3101