Lucene search

[email protected]CVE-2006-6984

HistoryFeb 09, 2007 - 1:28 a.m.

CVE-2006-6984

2007-02-0901:28:00

[email protected]

web.nvd.nist.gov

cve-2006-6984

greenbrowser

cross-domain vulnerability

remote attacks

information disclosure

object tag

data parameter

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.935 High

EPSS

Percentile

99.1%

JSON

Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker’s originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.

Affected configurations

NVD

Node

more_quick_toolsgreenbrowserMatch3.4.0622

CPENameOperatorVersion
more_quick_tools:greenbrowsermore quick tools greenbrowsereq3.4.0622

CPE	Name	Operator	Version
more_quick_tools:greenbrowser	more quick tools greenbrowser	eq	3.4.0622

References

pridels0.blogspot.com/2006/06/multiple-browsers-information.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.935 High

EPSS

Percentile

99.1%

JSON

Related for CVE-2006-6984

cvelist11 nvd11 cve10 cert1 checkpoint_advisories1 securityvulns2 nessus1