CVE-2006-2131 - OpenCVE

include/class_poll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDED_FOR (X-Forwarded-For HTTP header) to identify the IP address of a client, which makes it easier for remote attackers to spoof the source IP and bypass voting restrictions.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Advanced Poll	Advanced Poll

Configuration 1 [-]

cpe:2.3:a:advanced_poll:advanced_poll:2.0.4:*:*:*:*:*:*:*

References

Link	Resource
http://evuln.com/vulns/131/summary.html
http://secunia.com/advisories/19899
http://www.vupen.com/english/advisories/2006/1603
https://exchange.xforce.ibmcloud.com/vulnerabilities/26154

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-05-01T23:00:00

Updated: 2017-07-19T15:57:01

Reserved: 2006-05-01T00:00:00

Link: CVE-2006-2131

JSON object: View

NVD Information

Status : Modified

Published: 2006-05-01T23:02:00.000

Modified: 2017-07-20T01:31:12.443

Link: CVE-2006-2131

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-05-01T00:00:00", "descriptions": [{"lang": "en", "value": "include/class_poll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDED_FOR (X-Forwarded-For HTTP header) to identify the IP address of a client, which makes it easier for remote attackers to spoof the source IP and bypass voting restrictions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://evuln.com/vulns/131/summary.html"}, {"name": "19899", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19899"}, {"name": "advancedpoll-header-spoofing(26154)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26154"}, {"name": "ADV-2006-1603", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1603"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2131", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "include/class_poll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDED_FOR (X-Forwarded-For HTTP header) to identify the IP address of a client, which makes it easier for remote attackers to spoof the source IP and bypass voting restrictions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://evuln.com/vulns/131/summary.html", "refsource": "MISC", "url": "http://evuln.com/vulns/131/summary.html"}, {"name": "19899", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19899"}, {"name": "advancedpoll-header-spoofing(26154)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26154"}, {"name": "ADV-2006-1603", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1603"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2131", "datePublished": "2006-05-01T23:00:00", "dateReserved": "2006-05-01T00:00:00", "dateUpdated": "2017-07-19T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}