Lucene search

[email protected]CVE-2006-6986

HistoryFeb 09, 2007 - 1:28 a.m.

CVE-2006-6986

2007-02-0901:28:00

[email protected]

web.nvd.nist.gov

cve-2006-6986

cross-domain vulnerability

phaseout 5.4.4

remote attackers

restricted information

object tag

data parameter

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.935 High

EPSS

Percentile

99.1%

JSON

Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker’s originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.

Affected configurations

NVD

Node

phaseoutphaseoutMatch5.4.4

CPENameOperatorVersion
phaseout:phaseoutphaseouteq5.4.4

CPE	Name	Operator	Version
phaseout:phaseout	phaseout	eq	5.4.4

References

pridels0.blogspot.com/2006/06/multiple-browsers-information.html

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.935 High

EPSS

Percentile

99.1%

JSON

Related for CVE-2006-6986

cvelist11 nvd11 cve10 cert1 checkpoint_advisories1 securityvulns2 nessus1