Vulnerability Name: | CVE-2006-6579 (CCN-31008) | ||||||||
Assigned: | 2006-12-12 | ||||||||
Published: | 2006-12-12 | ||||||||
Updated: | 2020-11-23 | ||||||||
Summary: | Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine. | ||||||||
CVSS v3 Severity: | 5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
| ||||||||
CVSS v2 Severity: | 4.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P) 3.5 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)
2.9 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:U/RC:UR)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | File Manipulation | ||||||||
References: | Source: CCN Type: BugTraq Mailing List, Tue Dec 12 2006 - 20:02:56 CST ASP Cmd Shell On IIS 5.1 Source: MITRE Type: CNA CVE-2006-6579 Source: CCN Type: OSVDB ID: 35962 Microsoft Windows XP Registry QHEADLES Permission Weakness Source: BUGTRAQ Type: UNKNOWN 20061213 ASP Cmd Shell On IIS 5.1 Source: XF Type: UNKNOWN winxp-directory-weak-permission(31008) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||
BACK |