CVE-2006-6933

Easy Chat Server 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download certain files via direct requests to files such as (1) ServerKey.pem and (2) AcceptIP.txt. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/22739	Exploit Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/30075
http://secunia.com/advisories/22739	Exploit Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/30075

Configurations

Configuration 1 (hide)

cpe:2.3:a:efs_software:easy_chat_server:2.1:*:*:*:*:*:*:*

History

21 Nov 2024, 00:23

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/22739 - Exploit, Vendor Advisory~~	() http://secunia.com/advisories/22739 - Exploit, Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/30075 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/30075 -

Information

Published : 2007-01-16 23:28

Updated : 2024-11-21 00:23

NVD link : CVE-2006-6933

Mitre link : CVE-2006-6933

CVE.ORG link : CVE-2006-6933

JSON object : View

Products Affected

efs_software

easy_chat_server

CWE

NVD-CWE-Other

{"id": "CVE-2006-6933", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-01-16T23:28:00.000", "references": [{"url": "http://secunia.com/advisories/22739", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30075", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/22739", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30075", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Easy Chat Server 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download certain files via direct requests to files such as (1) ServerKey.pem and (2) AcceptIP.txt. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."}, {"lang": "es", "value": "Easy Chat Server 2.1 almacena informaci\u00f3n sensible bajo el ra\u00edz del web (web root) con insuficiente control de acceso, lo que permite a atacantes remotos descargarse ciertos ficheros mediante una petici\u00f3n directa a los ficheros como por ejemplo (1) ServerKey.pem y(2) AcceptIP.txt. NOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles se obtienen a partir de la informaci\u00f3n de terceros."}], "lastModified": "2024-11-21T00:23:59.597", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:efs_software:easy_chat_server:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9E2EB1B-2315-4676-A766-FA3F92145E9D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}