7.5

CVE-2006-3425

FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LumensionPatchlink Update Server Version6.2.0.181
LumensionPatchlink Update Server Version6.2.0.189
NovellZenworks Updatesr1 Version <= 6.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.29% 0.81
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html
http://secunia.com/advisories/20876
Patch
Vendor Advisory
http://secunia.com/advisories/20878
Patch
Vendor Advisory
http://securityreason.com/securityalert/1200
http://securitytracker.com/id?1016405
Patch
http://www.securityfocus.com/archive/1/438710/100/0/threaded
http://www.securityfocus.com/bid/18723
http://www.vupen.com/english/advisories/2006/2595
http://www.vupen.com/english/advisories/2006/2596