gsd - gsd-2006-3101

gsd-2006-3101

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters.

Aliases

CVE-2006-3101

Aliases

CVE-2006-3101

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-3101",
    "description": "Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters.",
    "id": "GSD-2006-3101"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-3101"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters.",
      "id": "GSD-2006-3101",
      "modified": "2023-12-13T01:19:57.755929Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-3101",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "cisco-acs-logonproxy-xss(27166)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27166"
          },
          {
            "name": "20699",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20699"
          },
          {
            "name": "1016317",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016317"
          },
          {
            "name": "20060617 RE: Cisco Secure ACS Cross Site Scripting Vulnerability.",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/437480/100/0/threaded"
          },
          {
            "name": "18449",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/18449"
          },
          {
            "name": "20060615 Cisco Secure ACS Cross Site Scripting Vulnerability.",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/437441/100/0/threaded"
          },
          {
            "name": "26531",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/26531"
          },
          {
            "name": "ADV-2006-2384",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/2384"
          },
          {
            "name": "1116",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/1116"
          },
          {
            "name": "20060615 Cisco Secure ACS for UNIX Cross Site Scripting Vulnerability",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/sw/secursw/ps4911/tsd_products_security_response09186a00806b8bdb.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:2.3:*:unix:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3101"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060615 Cisco Secure ACS for UNIX Cross Site Scripting Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Patch"
              ],
              "url": "http://www.cisco.com/en/US/products/sw/secursw/ps4911/tsd_products_security_response09186a00806b8bdb.html"
            },
            {
              "name": "18449",
              "refsource": "BID",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/18449"
            },
            {
              "name": "1016317",
              "refsource": "SECTRACK",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://securitytracker.com/id?1016317"
            },
            {
              "name": "20699",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/20699"
            },
            {
              "name": "26531",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/26531"
            },
            {
              "name": "1116",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/1116"
            },
            {
              "name": "ADV-2006-2384",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/2384"
            },
            {
              "name": "cisco-acs-logonproxy-xss(27166)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27166"
            },
            {
              "name": "20060617 RE: Cisco Secure ACS Cross Site Scripting Vulnerability.",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/437480/100/0/threaded"
            },
            {
              "name": "20060615 Cisco Secure ACS Cross Site Scripting Vulnerability.",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/437441/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-18T16:45Z",
      "publishedDate": "2006-06-21T01:02Z"
    }
  }
}

CVE-2006-3101 (GCVE-0-2006-3101)

Vulnerability from cvelistv5

Published

2006-06-21 01:00

Modified

2024-08-07 18:16

Severity ?

CWE

Summary

References

►

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilities/27166	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/20699	third-party-advisory, x_refsource_SECUNIA
	http://securitytracker.com/id?1016317	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/437480/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/18449	vdb-entry, x_refsource_BID
	http://www.securityfocus.com/archive/1/437441/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.osvdb.org/26531	vdb-entry, x_refsource_OSVDB
	http://www.vupen.com/english/advisories/2006/2384	vdb-entry, x_refsource_VUPEN
	http://securityreason.com/securityalert/1116	third-party-advisory, x_refsource_SREASON
	http://www.cisco.com/en/US/products/sw/secursw/ps4911/tsd_products_security_response09186a00806b8bdb.html	vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website