CVE-2006-4659

The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable URLs. NOTE: this issue could also be regarded as a cross-site request forgery (CSRF) vulnerability.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/21769
http://securityreason.com/securityalert/1524
http://www.security.nnov.ru/advisories/pandais.asp	Vendor Advisory
http://www.securityfocus.com/archive/1/445479/100/0/threaded
http://www.securityfocus.com/bid/19891

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:panda:panda_platinum_internet_security:2006_10.02.01:::::::*
	cpe:2.3:a:panda:panda_platinum_internet_security:2007_11.00.00:::::::*

History

No history.

Information

Published : 2006-09-09 00:04

Updated : 2024-02-04 16:52

NVD link : CVE-2006-4659

Mitre link : CVE-2006-4659

CVE.ORG link : CVE-2006-4659

JSON object : View

Products Affected

panda

panda_platinum_internet_security

CWE

NVD-CWE-Other

{"id": "CVE-2006-4659", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-09-09T00:04:00.000", "references": [{"url": "http://secunia.com/advisories/21769", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1524", "source": "cve@mitre.org"}, {"url": "http://www.security.nnov.ru/advisories/pandais.asp", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/445479/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/19891", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable URLs. NOTE: this issue could also be regarded as a cross-site request forgery (CSRF) vulnerability."}, {"lang": "es", "value": "The Panda Platinum Internet Security 2006 10.02.01 y 2007 11.00.00 utiliza URLs fiables para la clasificaci\u00f3n de spam de cada mensaje, lo cual permite que atacantes remotos hagan que el Panda clasificar mensajes de su elecci\u00f3n como Spam a trav\u00e9s de una p\u00e1gina web que contenga etiquetas de IMG con las URLs fiables. NOTA: esta edici\u00f3n se podr\u00eda tambi\u00e9n mirarse como una vulnerabilidad de falsificaci\u00f3n de petici\u00f3n de un sitio cruzado (CSRF)."}], "lastModified": "2018-10-17T21:38:55.793", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:panda:panda_platinum_internet_security:2006_10.02.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C229CED-468A-40C3-B444-2E8BBA8335B4"}, {"criteria": "cpe:2.3:a:panda:panda_platinum_internet_security:2007_11.00.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "746F88AC-995B-4197-B8DB-105C0CCFF49F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}