CVE-2006-2481

Published Jul 31, 2006

Last updated 3 months ago

CVSS info 5.0

Overview

Description: VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619).
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-255

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:vmware:esx:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A348CABB-CD52-4C55-9653-154C75605CD1"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esx:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA74505A-3550-4646-B2D6-6E6D0924023D"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esx:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7632C2AE-4B59-4B17-8A6B-C1D05C2824FA"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esx:2.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC77D81A-12AA-4948-9970-9461289DC648"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esx:2.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54A10ABE-E778-4133-B1AA-05FE6829A34A"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esx:2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2CB97F9-9DF6-4493-A245-F4901F4DD22E"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esx:2.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C862131A-64D8-4C2D-815F-19971D63AF00"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References