CVE-2006-3425

Severity: High

Description

FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters.

References

http://www.vupen.com/english/advisories/2006/2596

http://www.vupen.com/english/advisories/2006/2595

http://www.securityfocus.com/bid/18723

http://www.securityfocus.com/archive/1/438710/100/0/threaded

http://securitytracker.com/id?1016405

http://securityreason.com/securityalert/1200

http://secunia.com/advisories/20878

http://secunia.com/advisories/20876

http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html

Details

Source: Mitre, NVD

Published: 2006-07-07

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High