Vulnerability CVE-2006-4958


Published: 2006-09-23   Modified: 2012-02-12

Description:
Multiple cross-site scripting (XSS) vulnerabilities in Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.20.983 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi. NOTE: This information is based upon a vague initial disclosure. Details will be updated as they become available.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Sun Secure Global Desktop prior 4.3 multiple remote vulnerabilities
Marc Ruef (maru ...
25.09.2006

Type:

CWE-Other

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
SUN -> Secure global desktop 

 References:
http://securityreason.com/securityalert/1623
http://securitytracker.com/id?1016900
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102650-1
http://support.avaya.com/elmodocs2/security/ASA-2006-235.htm
http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2555
http://www.securityfocus.com/archive/1/446566/100/0/threaded
http://www.securityfocus.com/bid/20135
http://www.securityfocus.com/bid/20276
http://www.vupen.com/english/advisories/2006/3739
https://exchange.xforce.ibmcloud.com/vulnerabilities/29070
https://exchange.xforce.ibmcloud.com/vulnerabilities/29303

Copyright 2024, cxsecurity.com

 

Back to Top