Vulnerability Name:

CVE-2006-0015 (CCN-25537)

Assigned:2005-11-09
Published:2006-04-11
Updated:2018-10-19
Summary:Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Wed Apr 12 2006 - 16:32:16 CDT
Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting

Source: MITRE
Type: CNA
CVE-2006-0015

Source: CCN
Type: SA19623
Microsoft FrontPage Server Extensions Cross-Site Scripting

Source: SECUNIA
Type: Patch, Vendor Advisory
19623

Source: SREASON
Type: UNKNOWN
704

Source: CCN
Type: SECTRACK ID: 1015895
Microsoft SharePoint Team Services Input Validation Holes Permit Cross-Site Scripting Attacks

Source: SECTRACK
Type: Patch
1015895

Source: CCN
Type: SECTRACK ID: 1015896
Microsoft FrontPage Server Extensions Input Validation Holes Permit Cross-Site Scripting Attacks

Source: SECTRACK
Type: Patch
1015896

Source: MISC
Type: Exploit, Patch, Vendor Advisory
http://www.argeniss.com/research/ARGENISS-ADV-040602.txt

Source: CCN
Type: Microsoft Security Bulletin MS06-017
Vulnerability Using Microsoft Front Page Server Extensions Could Allow Cross Site Scripting (917627)

Source: BUGTRAQ
Type: UNKNOWN
20060412 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting

Source: BID
Type: Exploit, Patch
17452

Source: CCN
Type: BID-17452
Microsoft FrontPage Server Extensions Cross-Site Scripting Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-1322

Source: MS
Type: UNKNOWN
MS06-017

Source: XF
Type: UNKNOWN
fpse-html-xss(25537)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1748

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:frontpage_server_extensions:2002:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:sharepoint_team_services:*:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:microsoft:frontpage_server_extensions:2002:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:sharepoint_team_services:*:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:-::~~~~itanium~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.mitre.oval:def:1748 | V | FPSE XSS Vulnerability | 2015-08-10
    microsoft frontpage server extensions 2002
    microsoft sharepoint team services *
    microsoft frontpage server extensions 2002
    microsoft sharepoint team services *
    microsoft windows xp - sp1
    microsoft windows 2000 - sp4
    microsoft windows 2003_server
    microsoft windows xp sp2
    microsoft windows 2003 server -
    microsoft windows 2003_server sp1
    microsoft windows 2003_server sp1_itanium