CVE-2006-5211

Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to remove OfficeScan clients via a certain HTTP request that invokes the OfficeScan CGI program.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/22156	Patch Vendor Advisory
http://www.securityfocus.com/bid/20330	Patch
http://www.trendmicro.com/download/product.asp?productid=5	Patch
http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt	Patch
http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt	Patch
http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt	Patch
http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt	Patch
http://www.vupen.com/english/advisories/2006/3882

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:trend_micro:officescan_corporate_edition:6.5:::::::*
	cpe:2.3:a:trend_micro:officescan_corporate_edition:7.0:::::::*
	cpe:2.3:a:trend_micro:officescan_corporate_edition:7.3:::::::*

History

No history.

Information

Published : 2006-10-10 04:06

Updated : 2024-02-04 17:13

NVD link : CVE-2006-5211

Mitre link : CVE-2006-5211

CVE.ORG link : CVE-2006-5211

JSON object : View

Products Affected

trend_micro

officescan_corporate_edition

CWE

NVD-CWE-Other

{"id": "CVE-2006-5211", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-10-10T04:06:00.000", "references": [{"url": "http://secunia.com/advisories/22156", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/20330", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.trendmicro.com/download/product.asp?productid=5", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/3882", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to remove OfficeScan clients via a certain HTTP request that invokes the OfficeScan CGI program."}, {"lang": "es", "value": "Trend Micro OfficeScan 6.0 en Client/Server/Messaging (CSM) Suite para SMB 2.0 anetrior a 6.0.0.1385, y OfficeScan Corporate Edition (OSCE) 6.5 anterior a 6.5.0.1418, 7.0 anterior a 7.0.0.1257, y 7.3 anterior a 7.3.0.1053 permite a atacantes remotos eliminar clientes OfficeScan mediante una petici\u00f3n HTTP determinada que invoca al programa CGI de OfficeScan."}], "lastModified": "2011-03-08T02:42:46.703", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trend_micro:officescan_corporate_edition:6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "568D4315-0598-4E6A-A2EF-75180185997B"}, {"criteria": "cpe:2.3:a:trend_micro:officescan_corporate_edition:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D25D4D2B-B000-43B3-8CA8-9AAB5D719F44"}, {"criteria": "cpe:2.3:a:trend_micro:officescan_corporate_edition:7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9746FBD6-15FA-4703-ADEA-A940DE5F850A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "A security patch for each affected product has been released by the vendor."}