CVE-2006-3147 - OpenCVE

Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix 3.2) allows remote authenticated attackers to gain host admin privileges, list all resellers, or change resellers' passwords via unspecified vectors. NOTE: due to the lack of precise details, it is not clear whether this is related to a previously disclosed issue such as CVE-2005-1788.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hosting Controller	Hosting Controller

Configuration 1 [-]

OR	cpe:2.3:a:hosting_controller:hosting_controller:6.1:::::::*
	cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_1.4:::::::*
	cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_1.7:::::::*
	cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_1.9:::::::*
	cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.0:::::::*
	cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.1:::::::*
	cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.3:::::::*
	cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.8:::::::*
	cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.9:::::::*

No data.

References

Link	Providers
http://hostingcontroller.com/english/logs/hotfixlogv61_3_2.html
http://secunia.com/advisories/20743
http://securitytracker.com/id?1016444
http://www.osvdb.org/26693
http://www.securityfocus.com/bid/18565
http://www.vupen.com/english/advisories/2006/2459
https://exchange.xforce.ibmcloud.com/vulnerabilities/27340

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-06-22T22:00:00

Updated: 2024-08-07T18:16:05.918Z

Reserved: 2006-06-22T00:00:00

Link: CVE-2006-3147

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-06-22T22:06:00.000

Modified: 2017-07-20T01:32:05.163

Link: CVE-2006-3147

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-20T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix 3.2) allows remote authenticated attackers to gain host admin privileges, list all resellers, or change resellers' passwords via unspecified vectors. NOTE: due to the lack of precise details, it is not clear whether this is related to a previously disclosed issue such as CVE-2005-1788."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1016444", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016444"}, {"name": "hosting-controller-admin-gain-privileges(27340)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27340"}, {"name": "18565", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18565"}, {"name": "20743", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20743"}, {"name": "26693", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26693"}, {"name": "ADV-2006-2459", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2459"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://hostingcontroller.com/english/logs/hotfixlogv61_3_2.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3147", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix 3.2) allows remote authenticated attackers to gain host admin privileges, list all resellers, or change resellers' passwords via unspecified vectors. NOTE: due to the lack of precise details, it is not clear whether this is related to a previously disclosed issue such as CVE-2005-1788."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1016444", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016444"}, {"name": "hosting-controller-admin-gain-privileges(27340)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27340"}, {"name": "18565", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18565"}, {"name": "20743", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20743"}, {"name": "26693", "refsource": "OSVDB", "url": "http://www.osvdb.org/26693"}, {"name": "ADV-2006-2459", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2459"}, {"name": "http://hostingcontroller.com/english/logs/hotfixlogv61_3_2.html", "refsource": "CONFIRM", "url": "http://hostingcontroller.com/english/logs/hotfixlogv61_3_2.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:16:05.918Z"}, "title": "CVE Program Container", "references": [{"name": "1016444", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016444"}, {"name": "hosting-controller-admin-gain-privileges(27340)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27340"}, {"name": "18565", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/18565"}, {"name": "20743", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20743"}, {"name": "26693", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26693"}, {"name": "ADV-2006-2459", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2459"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://hostingcontroller.com/english/logs/hotfixlogv61_3_2.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3147", "datePublished": "2006-06-22T22:00:00", "dateReserved": "2006-06-22T00:00:00", "dateUpdated": "2024-08-07T18:16:05.918Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hosting_controller:hosting_controller:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "7BD6BB80-8513-4294-8A81-FE8B11FA8BF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_1.4:*:*:*:*:*:*:*", "matchCriteriaId": "A8DDFC8A-C341-4137-AF44-F93E814E218B", "vulnerable": true}, {"criteria": "cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_1.7:*:*:*:*:*:*:*", "matchCriteriaId": "8BDE7F42-4372-440E-9E8A-D4B123EB9045", "vulnerable": true}, {"criteria": "cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_1.9:*:*:*:*:*:*:*", "matchCriteriaId": "03E517F5-FA8C-4099-9D2C-6818A3082881", "vulnerable": true}, {"criteria": "cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.0:*:*:*:*:*:*:*", "matchCriteriaId": "ABC9B48D-8D14-40D1-A444-2EC2661E40A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.1:*:*:*:*:*:*:*", "matchCriteriaId": "52010E43-81DA-4E60-8CE9-7E60DC017DA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.3:*:*:*:*:*:*:*", "matchCriteriaId": "7BAAEE0D-CDCE-46F2-8FCD-E9C9CD7BB159", "vulnerable": true}, {"criteria": "cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.8:*:*:*:*:*:*:*", "matchCriteriaId": "0F0B0DB0-92F4-4F62-8962-0723633540BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:hosting_controller:hosting_controller:6.1_hotfix_2.9:*:*:*:*:*:*:*", "matchCriteriaId": "DFA29887-EEE3-470E-8837-B45DEF171B10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix 3.2) allows remote authenticated attackers to gain host admin privileges, list all resellers, or change resellers' passwords via unspecified vectors. NOTE: due to the lack of precise details, it is not clear whether this is related to a previously disclosed issue such as CVE-2005-1788."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Hosting Controller antes de la versi\u00f3n v6.1 (alias Hotfix v3.2) permite, a atacantes remotos autenticados, obtener privilegios de administrador, listar todos los distribuidores, o cambiar las contrase\u00f1as de distribuidores a trav\u00e9s de vectores no especificados. NOTA: debido a la falta de detalles precisos, no est\u00e1 claro si esto est\u00e1 relacionado con un tema divulgado previamente como CVE-2005-1788.\r\n"}], "id": "CVE-2006-3147", "lastModified": "2017-07-20T01:32:05.163", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-06-22T22:06:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://hostingcontroller.com/english/logs/hotfixlogv61_3_2.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/20743"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016444"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/26693"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18565"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2459"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27340"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}