NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2006-2479

Summary	The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site.
Publication Date	May 20, 2006, 2:02 a.m.
Registration Date	Jan. 29, 2021, 3:37 p.m.
Last Update	Oct. 19, 2018, 1:40 a.m.

CVSS2.0 : MEDIUM
Score	5.0
Vector	AV:N/AC:L/Au:N/C:N/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:bitrix:bitrix_site_manager:4.0.0:::::::*
cpe:2.3:a:bitrix:bitrix_site_manager:4.0.2:::::::*
cpe:2.3:a:bitrix:bitrix_site_manager:4.0.3:::::::*
cpe:2.3:a:bitrix:bitrix_site_manager:4.0.4:::::::*
cpe:2.3:a:bitrix:bitrix_site_manager:4.0.5:::::::*
cpe:2.3:a:bitrix:bitrix_site_manager:4.0.6:::::::*
cpe:2.3:a:bitrix:bitrix_site_manager:4.0.7:::::::*
cpe:2.3:a:bitrix:bitrix_site_manager:4.0.8:::::::*
cpe:2.3:a:bitrix:bitrix_site_manager:4.1.0:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://securityreason.com/securityalert/918	SREASON
2	http://securitytracker.com/id?1016121	SECTRACK	Exploit
3	http://www.securityfocus.com/archive/1/434367/100/0/threaded	BUGTRAQ
4	http://www.vupen.com/english/advisories/2006/1858	VUPEN
5	https://exchange.xforce.ibmcloud.com/vulnerabilities/26542	XF
6	https://exchange.xforce.ibmcloud.com/vulnerabilities/26548	XF

Common Vulnerabilities List