Vulnerability Details : CVE-2006-1681
Potential exploit
Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2006-1681
- cpe:2.3:a:cherokee:cherokee_httpd:0.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:cherokee:cherokee_httpd:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:cherokee:cherokee_httpd:0.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:cherokee:cherokee_httpd:0.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:cherokee:cherokee_httpd:0.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:cherokee:cherokee_httpd:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cherokee:cherokee_httpd:0.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:cherokee:cherokee_httpd:0.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:cherokee:cherokee_httpd:0.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:cherokee:cherokee_httpd:0.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:cherokee:cherokee_httpd:0.4.17:*:*:*:*:*:*:*
- cpe:2.3:a:cherokee:cherokee_httpd:0.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:cherokee:cherokee_httpd:0.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-1681
- 0.29%: Probability of exploitation activity in the next 30 days
- ~52%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-1681
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
References for CVE-2006-1681
- http://www.vupen.com/english/advisories/2006/1292
- http://www.securityfocus.com/bid/17408 (Exploit)
- http://www.securityfocus.com/archive/1/430385/100/0/threaded
- http://secunia.com/advisories/19587 (Exploit; Patch)
- https://security.gentoo.org/glsa/202012-09 (Cherokee: Multiple vulnerabilities (GLSA 202012-09) — Gentoo security)
- http://www.osvdb.org/24469
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25698