ID

VAR-200605-0197


CVE

CVE-2006-1466


TITLE

Apple Xcode Tools WebObjects Permissions and Access Control Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200605-426

DESCRIPTION

Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service. Xcode Tools is prone to an unauthorized remote access vulnerability through the WebObjects plug-in. A remote attacker can exploit this issue to manipulate projects through the network service. This issue affects only those systems with the Xcode Tools WebObjects plug-in installed.

TITLE: Apple Xcode WebObjects Plugin Access Control Vulnerability
SECUNIA ADVISORY ID: SA20267
VERIFY ADVISORY: http://secunia.com/advisories/20267/
CRITICAL: Less critical
IMPACT: Security Bypass
WHERE: From local network
SOFTWARE: Apple Xcode 2.x http://secunia.com/product/10144/
DESCRIPTION: A vulnerability has been reported in Apple Xcode, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability has been reported in versions prior to 2.3.
SOLUTION: Update to version 2.3. http://developer.apple.com/tools/download/
PROVIDED AND/OR DISCOVERED BY: The vendor credits Mike Schrag of mDimension Technology.
ORIGINAL ADVISORY: http://docs.info.apple.com/article.html?artnum=303794

Trust: 1.35

sources: NVD: CVE-2006-1466 // BID: 18091 // VULHUB: VHN-17574 // PACKETSTORM: 46649

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.4

Trust: 1.6

vendor: apple, model: xcode, scope: lte, version: 2.2

Trust: 1.0

vendor: apple, model: xcode, scope: eq, version: 2.2

Trust: 0.9

vendor: apple, model: mac os, scope: eq, version: x10.4.6

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.4

Trust: 0.3

vendor: apple, model: xcode, scope: ne, version: 2.3

Trust: 0.3

sources: BID: 18091 // CNNVD: CNNVD-200605-426 // NVD: CVE-2006-1466

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-1466
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200605-426
value: MEDIUM

Trust: 0.6

VULHUB: VHN-17574
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-1466
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-17574
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-17574 // CNNVD: CNNVD-200605-426 // NVD: CVE-2006-1466

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-1466

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200605-426

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200605-426

EXTERNAL IDS

db: NVD, id: CVE-2006-1466

Trust: 2.0

db: BID, id: 18091

Trust: 2.0

db: SECUNIA, id: 20267

Trust: 1.8

db: VUPEN, id: ADV-2006-1950

Trust: 1.7

db: OSVDB, id: 25889

Trust: 1.7

db: SECTRACK, id: 1016143

Trust: 1.7

db: CNNVD, id: CNNVD-200605-426

Trust: 0.7

db: XF, id: 26634

Trust: 0.6

db: APPLE, id: APPLE-SA-2006-05-23

Trust: 0.6

db: VULHUB, id: VHN-17574

Trust: 0.1

db: PACKETSTORM, id: 46649

Trust: 0.1

sources: VULHUB: VHN-17574 // BID: 18091 // PACKETSTORM: 46649 // CNNVD: CNNVD-200605-426 // NVD: CVE-2006-1466

REFERENCES

url:http://lists.apple.com/archives/security-announce/2006/may/msg00004.html

Trust: 1.7

url:http://www.securityfocus.com/bid/18091

Trust: 1.7

url:http://www.osvdb.org/25889

Trust: 1.7

url:http://securitytracker.com/id?1016143

Trust: 1.7

url:http://secunia.com/advisories/20267

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/1950

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/26634

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/26634

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/1950

Trust: 0.6

url:http://www.apple.com/support/downloads/

Trust: 0.3

url:http://www.apple.com

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/10144/

Trust: 0.1

url:http://docs.info.apple.com/article.html?artnum=303794

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/advisories/20267/

Trust: 0.1

url:http://developer.apple.com/tools/download/

Trust: 0.1

sources: VULHUB: VHN-17574 // BID: 18091 // PACKETSTORM: 46649 // CNNVD: CNNVD-200605-426 // NVD: CVE-2006-1466

CREDITS

Mike Schrag of mDimension Technology is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 18091 // CNNVD: CNNVD-200605-426

SOURCES

db: VULHUB, id: VHN-17574
db: BID, id: 18091
db: PACKETSTORM, id: 46649
db: CNNVD, id: CNNVD-200605-426
db: NVD, id: CVE-2006-1466

LAST UPDATE DATE

2024-08-14T15:04:37.111000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-17574, date: 2017-07-20T00:00:00
db: BID, id: 18091, date: 2006-05-24T17:23:00
db: CNNVD, id: CNNVD-200605-426, date: 2006-05-24T00:00:00
db: NVD, id: CVE-2006-1466, date: 2017-07-20T01:30:37.473

SOURCES RELEASE DATE

db: VULHUB, id: VHN-17574, date: 2006-05-24T00:00:00
db: BID, id: 18091, date: 2006-05-23T00:00:00
db: PACKETSTORM, id: 46649, date: 2006-05-26T01:12:24
db: CNNVD, id: CNNVD-200605-426, date: 2006-05-23T00:00:00
db: NVD, id: CVE-2006-1466, date: 2006-05-24T01:02:00