CVE-2006-0993 - The web management interface in 3Com TippingPoint SMS Server before 2.2.1.4478 does not restrict acc

CVE-2006-0993

Summary

The web management interface in 3Com TippingPoint SMS Server before 2.2.1.4478 does not restrict access to certain directories, which might allow remote attackers to obtain potentially sensitive information such as configuration settings. Upgrade to 3Com TippingPoint SMS Server version 2.2.1.4478

References

Vulnerable Configurations

cpe:2.3:h:3com:tippingpoint_sms_server:-:*:*:*:*:*:*:*
cpe:2.3:h:3com:tippingpoint_sms_server:-:*:*:*:*:*:*:*
cpe:2.3:h:3com:tippingpoint_sms_server:2.2.1.4477:*:*:*:*:*:*:*
cpe:2.3:h:3com:tippingpoint_sms_server:2.2.1.4477:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 18-10-2018 - 16:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	17935
bugtraq	20060509 ZDI-06-013: 3Com TippingPoint SMS Server Information Disclosure Vulnerability
confirm	http://www.3com.com/securityalert/alerts/3COM-06-002.html
misc	http://www.zerodayinitiative.com/advisories/ZDI-06-013.html
osvdb	25360
sectrack	1016051
secunia	20058
sreason	870
vupen	ADV-2006-1752
xf	tippingpoint-sms-information-disclosure(26338)

Last major update

18-10-2018 - 16:30

Published

10-05-2006 - 02:22

Last modified

18-10-2018 - 16:30