Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2006-2479
Last Modified: 07 Mar 2011 09:36:16
Published: 19 May 2006 01:02:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-2479

Summary

The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site.

Vulnerable Systems

Application

  • Bitrix Site Manager 4.0.0

  • Bitrix Site Manager 4.0.2

  • Bitrix Site Manager 4.0.3

  • Bitrix Site Manager 4.0.4

  • Bitrix Site Manager 4.0.5

  • Bitrix Site Manager 4.0.6

  • Bitrix Site Manager 4.0.7

  • Bitrix Site Manager 4.0.8

  • Bitrix Site Manager 4.1.0


References

VUPEN - ADV-2006-1858

BUGTRAQ - 20060518 Multiple Vulns in Bitrix CMS

SECTRACK - 1016121

XF - bitrixcms-update-cache-poisoning(26548)

XF - bitrixcms-updaterlog-information-disclosure(26542)

SREASON - 918


Last Updated: 27 May 2016 10:42:29