CVE-2006-4958 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.20.983 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi. NOTE: This information is based upon a vague initial disclosure. Details will be updated as they become available.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sun	Secure Global Desktop

Configuration 1 [-]

OR	cpe:2.3:a:sun:secure_global_desktop:3.42::enterprise:::::
	cpe:2.3:a:sun:secure_global_desktop:4.0::enterprise:::::

No data.

References

Link	Providers
http://secunia.com/advisories/22037
http://securityreason.com/securityalert/1623
http://securitytracker.com/id?1016900
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102650-1
http://support.avaya.com/elmodocs2/security/ASA-2006-235.htm
http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2555
http://www.securityfocus.com/archive/1/446566/100/0/threaded
http://www.securityfocus.com/bid/20135
http://www.securityfocus.com/bid/20276
http://www.vupen.com/english/advisories/2006/3739
https://exchange.xforce.ibmcloud.com/vulnerabilities/29070
https://exchange.xforce.ibmcloud.com/vulnerabilities/29303

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-09-23T10:00:00

Updated: 2024-08-07T19:32:22.972Z

Reserved: 2006-09-22T00:00:00

Link: CVE-2006-4958

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-09-23T10:07:00.000

Modified: 2018-10-17T21:40:32.937

Link: CVE-2006-4958

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-09-21T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.20.983 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi. NOTE: This information is based upon a vague initial disclosure. Details will be updated as they become available."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1016900", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016900"}, {"name": "sun-ssgd-unspecified-xss(29070)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29070"}, {"name": "22037", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22037"}, {"name": "20060921 [scip_Advisory 2555] Sun Secure Global Desktop prior 4.3 multiple remote vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/446566/100/0/threaded"}, {"name": "20276", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20276"}, {"name": "sun-ssgd-xss(29303)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29303"}, {"tags": ["x_refsource_MISC"], "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2555"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-235.htm"}, {"name": "102650", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102650-1"}, {"name": "1623", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1623"}, {"name": "ADV-2006-3739", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3739"}, {"name": "20135", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20135"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4958", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.20.983 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi. NOTE: This information is based upon a vague initial disclosure. Details will be updated as they become available."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1016900", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016900"}, {"name": "sun-ssgd-unspecified-xss(29070)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29070"}, {"name": "22037", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22037"}, {"name": "20060921 [scip_Advisory 2555] Sun Secure Global Desktop prior 4.3 multiple remote vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/446566/100/0/threaded"}, {"name": "20276", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20276"}, {"name": "sun-ssgd-xss(29303)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29303"}, {"name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2555", "refsource": "MISC", "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2555"}, {"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-235.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-235.htm"}, {"name": "102650", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102650-1"}, {"name": "1623", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1623"}, {"name": "ADV-2006-3739", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3739"}, {"name": "20135", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20135"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:32:22.972Z"}, "title": "CVE Program Container", "references": [{"name": "1016900", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016900"}, {"name": "sun-ssgd-unspecified-xss(29070)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29070"}, {"name": "22037", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22037"}, {"name": "20060921 [scip_Advisory 2555] Sun Secure Global Desktop prior 4.3 multiple remote vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/446566/100/0/threaded"}, {"name": "20276", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/20276"}, {"name": "sun-ssgd-xss(29303)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29303"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2555"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-235.htm"}, {"name": "102650", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102650-1"}, {"name": "1623", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1623"}, {"name": "ADV-2006-3739", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/3739"}, {"name": "20135", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/20135"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4958", "datePublished": "2006-09-23T10:00:00", "dateReserved": "2006-09-22T00:00:00", "dateUpdated": "2024-08-07T19:32:22.972Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sun:secure_global_desktop:3.42:*:enterprise:*:*:*:*:*", "matchCriteriaId": "6DCA2744-A4A1-497D-A133-9D2B4E56BAF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:secure_global_desktop:4.0:*:enterprise:*:*:*:*:*", "matchCriteriaId": "D957237E-B27F-4830-94C9-4C2ACE107AD0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.20.983 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi. NOTE: This information is based upon a vague initial disclosure. Details will be updated as they become available."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Sun Secure Global Desktop (SSGD, tambi\u00e9n conocido como Tarantella) anterior a 4.20.983 permite a un atacante remoto inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados, posiblemente afecte a (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, o (7) test-cgi. NOTA: Esta informaci\u00f3n se basa sobre en una informaci\u00f3n b\u00e1sica. Los detalles ser\u00e1n puestos al d\u00eda cuando se encuentren disponibles."}], "id": "CVE-2006-4958", "lastModified": "2018-10-17T21:40:32.937", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-09-23T10:07:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/22037"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1623"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016900"}, {"source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102650-1"}, {"source": "cve@mitre.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-235.htm"}, {"source": "cve@mitre.org", "url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2555"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/446566/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/20135"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/20276"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3739"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29070"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29303"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}