CVE-2006-4659 - OpenCVE

The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable URLs. NOTE: this issue could also be regarded as a cross-site request forgery (CSRF) vulnerability.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Panda	Panda Platinum Internet Security

Configuration 1 [-]

OR	cpe:2.3:a:panda:panda_platinum_internet_security:2006_10.02.01:::::::*
	cpe:2.3:a:panda:panda_platinum_internet_security:2007_11.00.00:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/21769
http://securityreason.com/securityalert/1524
http://www.security.nnov.ru/advisories/pandais.asp
http://www.securityfocus.com/archive/1/445479/100/0/threaded
http://www.securityfocus.com/bid/19891

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-09-09T00:00:00

Updated: 2024-08-07T19:23:39.912Z

Reserved: 2006-09-08T00:00:00

Link: CVE-2006-4659

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-09-09T00:04:00.000

Modified: 2018-10-17T21:38:55.793

Link: CVE-2006-4659

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-09-07T00:00:00", "descriptions": [{"lang": "en", "value": "The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable URLs. NOTE: this issue could also be regarded as a cross-site request forgery (CSRF) vulnerability."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1524", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1524"}, {"name": "20060907 SECURITY.NNOV: Panda Platinum Internet Security privilege escalation / bayesian filter control security vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/445479/100/0/threaded"}, {"name": "19891", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19891"}, {"tags": ["x_refsource_MISC"], "url": "http://www.security.nnov.ru/advisories/pandais.asp"}, {"name": "21769", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21769"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4659", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable URLs. NOTE: this issue could also be regarded as a cross-site request forgery (CSRF) vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1524", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1524"}, {"name": "20060907 SECURITY.NNOV: Panda Platinum Internet Security privilege escalation / bayesian filter control security vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/445479/100/0/threaded"}, {"name": "19891", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19891"}, {"name": "http://www.security.nnov.ru/advisories/pandais.asp", "refsource": "MISC", "url": "http://www.security.nnov.ru/advisories/pandais.asp"}, {"name": "21769", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21769"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:23:39.912Z"}, "title": "CVE Program Container", "references": [{"name": "1524", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1524"}, {"name": "20060907 SECURITY.NNOV: Panda Platinum Internet Security privilege escalation / bayesian filter control security vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/445479/100/0/threaded"}, {"name": "19891", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/19891"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.security.nnov.ru/advisories/pandais.asp"}, {"name": "21769", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21769"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4659", "datePublished": "2006-09-09T00:00:00", "dateReserved": "2006-09-08T00:00:00", "dateUpdated": "2024-08-07T19:23:39.912Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:panda:panda_platinum_internet_security:2006_10.02.01:*:*:*:*:*:*:*", "matchCriteriaId": "3C229CED-468A-40C3-B444-2E8BBA8335B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:panda:panda_platinum_internet_security:2007_11.00.00:*:*:*:*:*:*:*", "matchCriteriaId": "746F88AC-995B-4197-B8DB-105C0CCFF49F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable URLs. NOTE: this issue could also be regarded as a cross-site request forgery (CSRF) vulnerability."}, {"lang": "es", "value": "The Panda Platinum Internet Security 2006 10.02.01 y 2007 11.00.00 utiliza URLs fiables para la clasificaci\u00f3n de spam de cada mensaje, lo cual permite que atacantes remotos hagan que el Panda clasificar mensajes de su elecci\u00f3n como Spam a trav\u00e9s de una p\u00e1gina web que contenga etiquetas de IMG con las URLs fiables. NOTA: esta edici\u00f3n se podr\u00eda tambi\u00e9n mirarse como una vulnerabilidad de falsificaci\u00f3n de petici\u00f3n de un sitio cruzado (CSRF)."}], "id": "CVE-2006-4659", "lastModified": "2018-10-17T21:38:55.793", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-09-09T00:04:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/21769"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1524"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.security.nnov.ru/advisories/pandais.asp"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/445479/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19891"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}