CVE-2006-6346 - OpenCVE

Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized activities, related to "Undocumented Features." NOTE: it is possible that there are multiple issues. This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. This is likely a different issue than CVE-2006-4134.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Sap	Internet Graphics Server

Configuration 1 [-]

OR	cpe:2.3:a:sap:internet_graphics_server::::::::
	cpe:2.3:a:sap:internet_graphics_server::::::::

References

Link	Resource
http://secunia.com/advisories/23262
http://securityreason.com/securityalert/1985
http://securitytracker.com/id?1017341
http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Undocumented_Features.pdf
http://www.securityfocus.com/archive/1/453560/100/0/threaded
http://www.securityfocus.com/bid/21448
http://www.vupen.com/english/advisories/2006/4863
https://exchange.xforce.ibmcloud.com/vulnerabilities/30766

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-12-07T01:00:00

Updated: 2018-10-17T20:57:01

Reserved: 2006-12-06T00:00:00

Link: CVE-2006-6346

JSON object: View

NVD Information

Status : Modified

Published: 2006-12-07T01:28:00.000

Modified: 2018-10-17T21:47:50.127

Link: CVE-2006-6346

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-12-05T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized activities, related to \"Undocumented Features.\" NOTE: it is possible that there are multiple issues. This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. This is likely a different issue than CVE-2006-4134."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "sap-igs-weak-security(30766)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30766"}, {"name": "ADV-2006-4863", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4863"}, {"tags": ["x_refsource_MISC"], "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Undocumented_Features.pdf"}, {"name": "23262", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23262"}, {"name": "1017341", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017341"}, {"name": "21448", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21448"}, {"name": "20061205 CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Undocumented Features", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/453560/100/0/threaded"}, {"name": "1985", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1985"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6346", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized activities, related to \"Undocumented Features.\" NOTE: it is possible that there are multiple issues. This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. This is likely a different issue than CVE-2006-4134."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "sap-igs-weak-security(30766)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30766"}, {"name": "ADV-2006-4863", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4863"}, {"name": "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Undocumented_Features.pdf", "refsource": "MISC", "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Undocumented_Features.pdf"}, {"name": "23262", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23262"}, {"name": "1017341", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017341"}, {"name": "21448", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21448"}, {"name": "20061205 CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Undocumented Features", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/453560/100/0/threaded"}, {"name": "1985", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1985"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6346", "datePublished": "2006-12-07T01:00:00", "dateReserved": "2006-12-06T00:00:00", "dateUpdated": "2018-10-17T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:internet_graphics_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBA20BFA-179D-4970-8E97-405DB891E3C5", "versionEndIncluding": "6.40_patch_15", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:internet_graphics_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "F942FE1D-B9AE-41CA-B738-57A1D2E4095F", "versionEndIncluding": "7.00_patch_3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized activities, related to \"Undocumented Features.\" NOTE: it is possible that there are multiple issues. This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. This is likely a different issue than CVE-2006-4134."}, {"lang": "es", "value": "Vulnerabilidad no especificada SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 y anteriores, y 7.00 Patchlevel 3 y anteriores, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (apagado de servicio), obtener informaci\u00f3n sensible (ficheros de configuraci\u00f3n), y llevar a cabo otras actividades no autorizadas, relacionado con \"Caracter\u00edsticas no Documentadas\". NOTA: es posible que haya muchas versiones para esta vulnerabilidad. Esta informaci\u00f3n est\u00e1 basada en una revelaci\u00f3n inicial imprecisa. Los detalles ser\u00e1n actualizados cuando termine el periodo de gracia. Este es probablemente un asunto diferente que CVE-2006-4134."}], "id": "CVE-2006-6346", "lastModified": "2018-10-17T21:47:50.127", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-07T01:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23262"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1985"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017341"}, {"source": "cve@mitre.org", "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Undocumented_Features.pdf"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/453560/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21448"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4863"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30766"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}