Lucene search

[email protected]NVD:CVE-2006-4244

HistoryAug 31, 2006 - 1:04 a.m.

CVE-2006-4244

2006-08-3101:04:00

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

Low

EPSS

0.034

Percentile

91.5%

JSON

SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.

Affected configurations

NVD

Node

sql-ledgersql-ledgerMatch2.4.4

sql-ledgersql-ledgerMatch2.4.5

sql-ledgersql-ledgerMatch2.4.6

sql-ledgersql-ledgerMatch2.4.7

sql-ledgersql-ledgerMatch2.4.8

sql-ledgersql-ledgerMatch2.4.9

sql-ledgersql-ledgerMatch2.4.10

sql-ledgersql-ledgerMatch2.4.11

sql-ledgersql-ledgerMatch2.4.12

sql-ledgersql-ledgerMatch2.4.13

sql-ledgersql-ledgerMatch2.4.14

sql-ledgersql-ledgerMatch2.4.15

sql-ledgersql-ledgerMatch2.4.16

sql-ledgersql-ledgerMatch2.6.0

sql-ledgersql-ledgerMatch2.6.1

sql-ledgersql-ledgerMatch2.6.2

sql-ledgersql-ledgerMatch2.6.3

sql-ledgersql-ledgerMatch2.6.4

sql-ledgersql-ledgerMatch2.6.5

sql-ledgersql-ledgerMatch2.6.6

sql-ledgersql-ledgerMatch2.6.7

sql-ledgersql-ledgerMatch2.6.8

sql-ledgersql-ledgerMatch2.6.9

sql-ledgersql-ledgerMatch2.6.10

sql-ledgersql-ledgerMatch2.6.11

sql-ledgersql-ledgerMatch2.6.12

sql-ledgersql-ledgerMatch2.6.13

sql-ledgersql-ledgerMatch2.6.14

sql-ledgersql-ledgerMatch2.6.15

sql-ledgersql-ledgerMatch2.6.16

sql-ledgersql-ledgerMatch2.6.17

sql-ledgersql-ledgerMatch2.6.18

sql-ledgersql-ledgerMatch2.6.19

sql-ledgersql-ledgerMatch2.6.20

sql-ledgersql-ledgerMatch2.6.21

sql-ledgersql-ledgerMatch2.6.22

sql-ledgersql-ledgerMatch2.6.23

sql-ledgersql-ledgerMatch2.6.24

sql-ledgersql-ledgerMatch2.6.25

sql-ledgersql-ledgerMatch2.6.26

sql-ledgersql-ledgerMatch2.6.27

sql-ledgersql-ledgerMatch2.8.0

sql-ledgersql-ledgerMatch2.8.1

sql-ledgersql-ledgerMatch2.8.2

sql-ledgersql-ledgerMatch2.8.3

sql-ledgersql-ledgerMatch2.8.4

sql-ledgersql-ledgerMatch2.8.5

sql-ledgersql-ledgerMatch2.8.6

sql-ledgersql-ledgerMatch2.8.7

sql-ledgersql-ledgerMatch2.8.8

sql-ledgersql-ledgerMatch2.8.9

sql-ledgersql-ledgerMatch2.8.10

sql-ledgersql-ledgerMatch2.8.11

sql-ledgersql-ledgerMatch2.8.12

sql-ledgersql-ledgerMatch2.8.13

sql-ledgersql-ledgerMatch2.8.14

sql-ledgersql-ledgerMatch2.8.15

sql-ledgersql-ledgerMatch2.8.16

sql-ledgersql-ledgerMatch2.8.17

sql-ledgersql-ledgerMatch2.8.18

References

secunia.com/advisories/21689

securityreason.com/securityalert/1472

www.securityfocus.com/archive/1/444741/100/0/threaded

www.securityfocus.com/archive/1/445512

www.securityfocus.com/bid/19758

www.sql-ledger.org/cgi-bin/nav.pl?page=news.html&title=What%27s%20New

exchange.xforce.ibmcloud.com/vulnerabilities/28671

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

Low

EPSS

0.034

Percentile

91.5%

JSON

Related for NVD:CVE-2006-4244

cve1 packetstorm2 seebug1 securityvulns1 debiancve1 cvelist1 ubuntucve1 openvas4 osv1 nessus2 freebsd1 debian1