Lucene search

[email protected]NVD:CVE-2006-7013

HistoryFeb 15, 2007 - 2:28 a.m.

CVE-2006-7013

2007-02-1502:28:00

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.4%

JSON

QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred instead of other more reliable sources for the IP address. NOTE: the original researcher claims that the vendor has disputed this issue

Affected configurations

NVD

Node

simple_machinessimple_machines_forumRange≤1.0.7

simple_machinessimple_machines_forumRange≤1.1_rc2

References

securityreason.com/securityalert/2256

www.securityfocus.com/archive/1/435686/30/4740/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/27082

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.4%

JSON

Related for NVD:CVE-2006-7013

securityvulns1 cvelist1 cve1