CVE-2006-1627

Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/15924	Vendor Advisory
http://secunia.com/secunia_research/2005-68/advisory/	Vendor Advisory
http://securitytracker.com/id?1015905
http://www.adobe.com/support/techdocs/322699.html
http://www.securityfocus.com/archive/1/430869/100/0/threaded
http://www.securityfocus.com/bid/17500
http://www.vupen.com/english/advisories/2006/1342
https://exchange.xforce.ibmcloud.com/vulnerabilities/25769

Configurations

Configuration 1 (hide)

cpe:2.3:a:adobe:acrobat_reader:*:*:reader_extensions:*:*:*:*:*

History

No history.

Information

Published : 2006-04-13 18:02

Updated : 2023-12-10 10:28

NVD link : CVE-2006-1627

Mitre link : CVE-2006-1627

CVE.ORG link : CVE-2006-1627

JSON object : View

Products Affected

adobe

acrobat_reader

CWE

NVD-CWE-Other

{"id": "CVE-2006-1627", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-04-13T18:02:00.000", "references": [{"url": "http://secunia.com/advisories/15924", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/secunia_research/2005-68/advisory/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015905", "source": "cve@mitre.org"}, {"url": "http://www.adobe.com/support/techdocs/322699.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/430869/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/17500", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/1342", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25769", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure."}], "lastModified": "2018-10-18T16:33:40.280", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:reader_extensions:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF3D78AA-2446-4652-92EA-2DCB65B84A87", "versionEndIncluding": "6.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}