CVE-2006-7201

{"id": "CVE-2006-7201", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-04-30T23:19:00.000", "references": [{"url": "http://www.cr-labs.com/publications/SiteKey-20060718.pdf", "source": "cve@mitre.org"}, {"url": "http://www.cr-labs.com/publications/WhySiteKey-20060824.pdf", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "EMC RSA Security SiteKey does not set the secure qualifier on the SiteKey Flash token (aka the PassMark Flash shared object), which might allow remote attackers to obtain the token via HTTP."}, {"lang": "es", "value": "EMC RSA Security SiteKey no establece el cualificador de seguridad en el testigo (token) SiteKey Flash (tambi\u00e9n conocido como el objeto compartido PassMark Flash), el cual permite a atacantes remotos obtener el testigo v\u00eda HTTP."}], "lastModified": "2008-09-05T21:16:40.950", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:rsa_security_sitekey:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C8C1263-8E82-4D21-B0BC-D521A1099834"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}