Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0917

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2006-0917
Last Modified 05 Sep 2008 05:00:33
Published 28 Feb 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-0917

Summary

Melange Chat Server (aka M-Chat), when accessed via a web browser, automatically sends cookies and other sensitive information for a server to any port specified in the associated link, which allows local users on that server to read the cookies from HTTP headers and possibly gain sensitive information, such as credentials, by setting up a listening port and reading the credentials when the victim clicks on the link.

Vulnerable Systems

Application

  • Melange Chat System 1.10


References

XF - melange-chat-command-information-disclosure(24868)

BID - 16747

BUGTRAQ - 20060221 grab cookie information with Melange Chat Server 1.10

MISC - http://www.oh2600.com/forum/viewtopic.php?t=43

SECUNIA - 18984

SREASON - 463


Last Updated: 27 May 2016 10:41:50