CVE-2006-1627 - Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows

CVE-2006-1627

Summary

Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure.

References

Vulnerable Configurations

cpe:2.3:a:adobe:acrobat_reader:*:*:reader_extensions:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:*:*:reader_extensions:*:*:*:*:*

CVSS

Base:	7.5 (as of 18-10-2018 - 16:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	17500
bugtraq	20060413 Secunia Research: Adobe Document Server for Reader ExtensionsMultiple Vulnerabilities
confirm	http://www.adobe.com/support/techdocs/322699.html
misc	http://secunia.com/secunia_research/2005-68/advisory/
sectrack	1015905
secunia	15924
vupen	ADV-2006-1342
xf	adobe-access-control-bypass(25769)

Last major update

18-10-2018 - 16:33

Published

13-04-2006 - 18:02

Last modified

18-10-2018 - 16:33