CVE-2006-0015 - OpenCVE

Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Sharepoint Team Services Frontpage Server Extensions

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:frontpage_server_extensions:2002:::::::*
	cpe:2.3:a:microsoft:sharepoint_team_services::::::::

References

Link	Resource
http://secunia.com/advisories/19623	Patch Vendor Advisory
http://securityreason.com/securityalert/704
http://securitytracker.com/id?1015895	Patch
http://securitytracker.com/id?1015896	Patch
http://www.argeniss.com/research/ARGENISS-ADV-040602.txt	Exploit Patch Vendor Advisory
http://www.securityfocus.com/archive/1/430803/100/0/threaded
http://www.securityfocus.com/bid/17452	Exploit Patch
http://www.vupen.com/english/advisories/2006/1322
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017
https://exchange.xforce.ibmcloud.com/vulnerabilities/25537
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2006-04-11T23:00:00

Updated: 2018-10-19T14:57:01

Reserved: 2005-11-09T00:00:00

Link: CVE-2006-0015

JSON object: View

NVD Information

Status : Modified

Published: 2006-04-11T23:02:00.000

Modified: 2018-10-19T15:42:00.680

Link: CVE-2006-0015

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-04-11T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T14:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "fpse-html-xss(25537)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25537"}, {"name": "17452", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17452"}, {"name": "20060412 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/430803/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:1748", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748"}, {"name": "19623", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19623"}, {"name": "704", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/704"}, {"name": "1015896", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015896"}, {"name": "ADV-2006-1322", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1322"}, {"tags": ["x_refsource_MISC"], "url": "http://www.argeniss.com/research/ARGENISS-ADV-040602.txt"}, {"name": "1015895", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015895"}, {"name": "MS06-017", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-0015", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "fpse-html-xss(25537)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25537"}, {"name": "17452", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17452"}, {"name": "20060412 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/430803/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:1748", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748"}, {"name": "19623", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19623"}, {"name": "704", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/704"}, {"name": "1015896", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015896"}, {"name": "ADV-2006-1322", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1322"}, {"name": "http://www.argeniss.com/research/ARGENISS-ADV-040602.txt", "refsource": "MISC", "url": "http://www.argeniss.com/research/ARGENISS-ADV-040602.txt"}, {"name": "1015895", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015895"}, {"name": "MS06-017", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017"}]}}}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-0015", "datePublished": "2006-04-11T23:00:00", "dateReserved": "2005-11-09T00:00:00", "dateUpdated": "2018-10-19T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:frontpage_server_extensions:2002:*:*:*:*:*:*:*", "matchCriteriaId": "E7E274F0-F1B8-4C3D-961B-80B92830ABF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_team_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "83ADDF33-AC0A-43F1-8250-EC84221F02D6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters."}], "id": "CVE-2006-0015", "lastModified": "2018-10-19T15:42:00.680", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-04-11T23:02:00.000", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/19623"}, {"source": "secure@microsoft.com", "url": "http://securityreason.com/securityalert/704"}, {"source": "secure@microsoft.com", "tags": ["Patch"], "url": "http://securitytracker.com/id?1015895"}, {"source": "secure@microsoft.com", "tags": ["Patch"], "url": "http://securitytracker.com/id?1015896"}, {"source": "secure@microsoft.com", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.argeniss.com/research/ARGENISS-ADV-040602.txt"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/430803/100/0/threaded"}, {"source": "secure@microsoft.com", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/17452"}, {"source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2006/1322"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017"}, {"source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25537"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}