CVE-2006-1627 - OpenCVE

Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Adobe	Acrobat Reader

Configuration 1 [-]

cpe:2.3:a:adobe:acrobat_reader:*:*:reader_extensions:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/15924
http://secunia.com/secunia_research/2005-68/advisory/
http://securitytracker.com/id?1015905
http://www.adobe.com/support/techdocs/322699.html
http://www.securityfocus.com/archive/1/430869/100/0/threaded
http://www.securityfocus.com/bid/17500
http://www.vupen.com/english/advisories/2006/1342
https://exchange.xforce.ibmcloud.com/vulnerabilities/25769

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-04-13T18:00:00

Updated: 2024-08-07T17:19:48.645Z

Reserved: 2006-04-05T00:00:00

Link: CVE-2006-1627

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-04-13T18:02:00.000

Modified: 2018-10-18T16:33:40.280

Link: CVE-2006-1627

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-04-11T00:00:00", "descriptions": [{"lang": "en", "value": "Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20060413 Secunia Research: Adobe Document Server for Reader ExtensionsMultiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/430869/100/0/threaded"}, {"name": "adobe-access-control-bypass(25769)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25769"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.adobe.com/support/techdocs/322699.html"}, {"name": "1015905", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015905"}, {"name": "15924", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/15924"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2005-68/advisory/"}, {"name": "ADV-2006-1342", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1342"}, {"name": "17500", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17500"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1627", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060413 Secunia Research: Adobe Document Server for Reader ExtensionsMultiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/430869/100/0/threaded"}, {"name": "adobe-access-control-bypass(25769)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25769"}, {"name": "http://www.adobe.com/support/techdocs/322699.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/techdocs/322699.html"}, {"name": "1015905", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015905"}, {"name": "15924", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/15924"}, {"name": "http://secunia.com/secunia_research/2005-68/advisory/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2005-68/advisory/"}, {"name": "ADV-2006-1342", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1342"}, {"name": "17500", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17500"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:19:48.645Z"}, "title": "CVE Program Container", "references": [{"name": "20060413 Secunia Research: Adobe Document Server for Reader ExtensionsMultiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/430869/100/0/threaded"}, {"name": "adobe-access-control-bypass(25769)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25769"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.adobe.com/support/techdocs/322699.html"}, {"name": "1015905", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015905"}, {"name": "15924", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/15924"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2005-68/advisory/"}, {"name": "ADV-2006-1342", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1342"}, {"name": "17500", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17500"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1627", "datePublished": "2006-04-13T18:00:00", "dateReserved": "2006-04-05T00:00:00", "dateUpdated": "2024-08-07T17:19:48.645Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:reader_extensions:*:*:*:*:*", "matchCriteriaId": "AF3D78AA-2446-4652-92EA-2DCB65B84A87", "versionEndIncluding": "6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure."}], "id": "CVE-2006-1627", "lastModified": "2018-10-18T16:33:40.280", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-04-13T18:02:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/15924"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2005-68/advisory/"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015905"}, {"source": "cve@mitre.org", "url": "http://www.adobe.com/support/techdocs/322699.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/430869/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17500"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1342"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25769"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}