CVE-2006-0917 - Melange Chat Server (aka M-Chat), when accessed via a web browser, automatically sends cookies and o

CVE-2006-0917

Summary

Melange Chat Server (aka M-Chat), when accessed via a web browser, automatically sends cookies and other sensitive information for a server to any port specified in the associated link, which allows local users on that server to read the cookies from HTTP headers and possibly gain sensitive information, such as credentials, by setting up a listening port and reading the credentials when the victim clicks on the link.

References

Vulnerable Configurations

cpe:2.3:a:melange:melange_chat_system:1.10:*:*:*:*:*:*:*
cpe:2.3:a:melange:melange_chat_system:1.10:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 18-10-2018 - 16:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	16747
bugtraq	20060221 grab cookie information with Melange Chat Server 1.10
misc	http://www.oh2600.com/forum/viewtopic.php?t=43
secunia	18984
sreason	463
xf	melange-chat-command-information-disclosure(24868)

Last major update

18-10-2018 - 16:29

Published

28-02-2006 - 11:02

Last modified

18-10-2018 - 16:29