CVE-2006-1787
2.6
CVSS SCORE
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Description
Adobe Document Server for Reader Extensions 6.0 includes a user's session (jsession) ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that session.
CVSS Vector Details
Attack Vector
Network
Attack Complexity
High
Confidentiality
P
Integrity
None
Availability
None
Affected Software Configurations
- a adobe document_server 6.0 * reader_extensions * * * * *
Weaknesses (CWE)
- NVD-CWE-Other
References & External Links
- http://secunia.com/advisories/15924
- http://secunia.com/secunia_research/2005-68/advisory/
- http://www.adobe.com/support/techdocs/322699.html
- http://www.adobe.com/support/techdocs/331915.html
- http://www.securityfocus.com/archive/1/430869/100/0/threaded
- http://www.securityfocus.com/bid/17500
- http://www.vupen.com/english/advisories/2006/1342
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25773
- http://secunia.com/advisories/15924
- http://secunia.com/secunia_research/2005-68/advisory/
- http://www.adobe.com/support/techdocs/322699.html
- http://www.adobe.com/support/techdocs/331915.html
- http://www.securityfocus.com/archive/1/430869/100/0/threaded
- http://www.securityfocus.com/bid/17500
- http://www.vupen.com/english/advisories/2006/1342
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25773