cvelistv5 - cve-2006-1193

CVE-2006-1193 (GCVE-0-2006-1193)

Vulnerability from cvelistv5 – Published: 2006-06-13 19:00 – Updated: 2024-08-07 17:03

Summary

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://securitytracker.com/id?1016280	vdb-entryx_refsource_SECTRACK
	http://lists.grok.org.uk/pipermail/full-disclosur…	mailing-listx_refsource_FULLDISC
	http://www.osvdb.org/26441	vdb-entryx_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.us-cert.gov/cas/techalerts/TA06-164A.html	third-party-advisoryx_refsource_CERT
	http://www.securityfocus.com/bid/18381	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2006/2326	vdb-entryx_refsource_VUPEN
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.sec-consult.com/fileadmin/Advisories/2…	x_refsource_MISC
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.kb.cert.org/vuls/id/138188	third-party-advisoryx_refsource_CERT-VN
	http://secunia.com/advisories/20634	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:03:28.553Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1016280",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016280"
          },
          {
            "name": "20060614 SEC Consult SA-20060613-0 :: Outlook Web Access Cross Site Scripting Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046892.html"
          },
          {
            "name": "26441",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/26441"
          },
          {
            "name": "exchange-owa-xss(25550)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25550"
          },
          {
            "name": "TA06-164A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
          },
          {
            "name": "18381",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18381"
          },
          {
            "name": "ADV-2006-2326",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2326"
          },
          {
            "name": "oval:org.mitre.oval:def:1161",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1161"
          },
          {
            "name": "oval:org.mitre.oval:def:1070",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1070"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.sec-consult.com/fileadmin/Advisories/20060613-0_owa_xss_noexploit.txt"
          },
          {
            "name": "MS06-029",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-029"
          },
          {
            "name": "oval:org.mitre.oval:def:1315",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1315"
          },
          {
            "name": "VU#138188",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/138188"
          },
          {
            "name": "20634",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20634"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to \"HTML parsing.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1016280",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016280"
        },
        {
          "name": "20060614 SEC Consult SA-20060613-0 :: Outlook Web Access Cross Site Scripting Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046892.html"
        },
        {
          "name": "26441",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/26441"
        },
        {
          "name": "exchange-owa-xss(25550)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25550"
        },
        {
          "name": "TA06-164A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
        },
        {
          "name": "18381",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18381"
        },
        {
          "name": "ADV-2006-2326",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2326"
        },
        {
          "name": "oval:org.mitre.oval:def:1161",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1161"
        },
        {
          "name": "oval:org.mitre.oval:def:1070",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1070"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.sec-consult.com/fileadmin/Advisories/20060613-0_owa_xss_noexploit.txt"
        },
        {
          "name": "MS06-029",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-029"
        },
        {
          "name": "oval:org.mitre.oval:def:1315",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1315"
        },
        {
          "name": "VU#138188",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/138188"
        },
        {
          "name": "20634",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20634"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-1193",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to \"HTML parsing.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1016280",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016280"
            },
            {
              "name": "20060614 SEC Consult SA-20060613-0 :: Outlook Web Access Cross Site Scripting Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046892.html"
            },
            {
              "name": "26441",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/26441"
            },
            {
              "name": "exchange-owa-xss(25550)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25550"
            },
            {
              "name": "TA06-164A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
            },
            {
              "name": "18381",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18381"
            },
            {
              "name": "ADV-2006-2326",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2326"
            },
            {
              "name": "oval:org.mitre.oval:def:1161",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1161"
            },
            {
              "name": "oval:org.mitre.oval:def:1070",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1070"
            },
            {
              "name": "http://www.sec-consult.com/fileadmin/Advisories/20060613-0_owa_xss_noexploit.txt",
              "refsource": "MISC",
              "url": "http://www.sec-consult.com/fileadmin/Advisories/20060613-0_owa_xss_noexploit.txt"
            },
            {
              "name": "MS06-029",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-029"
            },
            {
              "name": "oval:org.mitre.oval:def:1315",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1315"
            },
            {
              "name": "VU#138188",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/138188"
            },
            {
              "name": "20634",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20634"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2006-1193",
    "datePublished": "2006-06-13T19:00:00",
    "dateReserved": "2006-03-13T00:00:00",
    "dateUpdated": "2024-08-07T17:03:28.553Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2000:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"34300FD4-EC3B-4206-B6C0-1345F17EC5EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2000:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"47132D0D-7691-40A3-A4BF-37D2ACE580C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2000:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"E88E31D4-1120-4A18-BA65-E2C96B35E599\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to \\\"HTML parsing.\\\"\"}]",
      "id": "CVE-2006-1193",
      "lastModified": "2024-11-21T00:08:16.360",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:N/I:P/A:N\", \"baseScore\": 2.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 4.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2006-06-13T19:06:00.000",
      "references": "[{\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046892.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20634\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016280\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/138188\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/26441\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.sec-consult.com/fileadmin/Advisories/20060613-0_owa_xss_noexploit.txt\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/18381\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA06-164A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2326\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-029\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/25550\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1070\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1161\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1315\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046892.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/20634\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016280\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/138188\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/26441\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.sec-consult.com/fileadmin/Advisories/20060613-0_owa_xss_noexploit.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/18381\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA06-164A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2326\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-029\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/25550\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1070\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1161\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1315\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-1193\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2006-06-13T19:06:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to \\\"HTML parsing.\\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:N/I:P/A:N\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2000:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"34300FD4-EC3B-4206-B6C0-1345F17EC5EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2000:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"47132D0D-7691-40A3-A4BF-37D2ACE580C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2000:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E88E31D4-1120-4A18-BA65-E2C96B35E599\"}]}]}],\"references\":[{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046892.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/20634\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016280\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/138188\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/26441\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.sec-consult.com/fileadmin/Advisories/20060613-0_owa_xss_noexploit.txt\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/18381\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-164A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/2326\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-029\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25550\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1070\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1161\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1315\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046892.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/20634\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016280\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/138188\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/26441\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.sec-consult.com/fileadmin/Advisories/20060613-0_owa_xss_noexploit.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/18381\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-164A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/2326\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-029\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25550\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1070\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1161\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1315\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

GSD-2006-1193

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-1193

Aliases

CVE-2006-1193

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-1193",
    "description": "Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to \"HTML parsing.\"",
    "id": "GSD-2006-1193"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-1193"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to \"HTML parsing.\"",
      "id": "GSD-2006-1193",
      "modified": "2023-12-13T01:19:55.584538Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2006-1193",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to \"HTML parsing.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1016280",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016280"
          },
          {
            "name": "20060614 SEC Consult SA-20060613-0 :: Outlook Web Access Cross Site Scripting Vulnerability",
            "refsource": "FULLDISC",
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046892.html"
          },
          {
            "name": "26441",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/26441"
          },
          {
            "name": "exchange-owa-xss(25550)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25550"
          },
          {
            "name": "TA06-164A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
          },
          {
            "name": "18381",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/18381"
          },
          {
            "name": "ADV-2006-2326",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/2326"
          },
          {
            "name": "oval:org.mitre.oval:def:1161",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1161"
          },
          {
            "name": "oval:org.mitre.oval:def:1070",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1070"
          },
          {
            "name": "http://www.sec-consult.com/fileadmin/Advisories/20060613-0_owa_xss_noexploit.txt",
            "refsource": "MISC",
            "url": "http://www.sec-consult.com/fileadmin/Advisories/20060613-0_owa_xss_noexploit.txt"
          },
          {
            "name": "MS06-029",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-029"
          },
          {
            "name": "oval:org.mitre.oval:def:1315",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1315"
          },
          {
            "name": "VU#138188",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/138188"
          },
          {
            "name": "20634",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20634"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:exchange_server:2000:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:exchange_server:2000:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:exchange_server:2000:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-1193"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to \"HTML parsing.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "18381",
              "refsource": "BID",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/18381"
            },
            {
              "name": "http://www.sec-consult.com/fileadmin/Advisories/20060613-0_owa_xss_noexploit.txt",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.sec-consult.com/fileadmin/Advisories/20060613-0_owa_xss_noexploit.txt"
            },
            {
              "name": "TA06-164A",
              "refsource": "CERT",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
            },
            {
              "name": "VU#138188",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/138188"
            },
            {
              "name": "1016280",
              "refsource": "SECTRACK",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://securitytracker.com/id?1016280"
            },
            {
              "name": "20634",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/20634"
            },
            {
              "name": "26441",
              "refsource": "OSVDB",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.osvdb.org/26441"
            },
            {
              "name": "20060614 SEC Consult SA-20060613-0 :: Outlook Web Access Cross Site Scripting Vulnerability",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046892.html"
            },
            {
              "name": "ADV-2006-2326",
              "refsource": "VUPEN",
              "tags": [
                "Permissions Required"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2326"
            },
            {
              "name": "exchange-owa-xss(25550)",
              "refsource": "XF",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25550"
            },
            {
              "name": "oval:org.mitre.oval:def:1315",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1315"
            },
            {
              "name": "oval:org.mitre.oval:def:1161",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1161"
            },
            {
              "name": "oval:org.mitre.oval:def:1070",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1070"
            },
            {
              "name": "MS06-029",
              "refsource": "MS",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-029"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2020-04-09T13:29Z",
      "publishedDate": "2006-06-13T19:06Z"
    }
  }
}

CERTA-2006-AVI-243

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité présente dans Microsoft Exchange Server peut être exploitée par un utilisateur mal intentionné pour réaliser une attaque de type « Cross Site Scripting ».

Description

Une vulnérabilité est présente dans le service Microsoft Outlook Web Access (OWA) dans le traitement des messages électroniques. Cette vulnérabilité peut être exploitée par un utilisateur mal intentionné, via un message éléctronique contenant du code malveillant, pour faire exécuter du code sur le navigateur d'un utilisateur dans un certain contexte.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	N/A	Microsoft Exchange Server 2000 ;
	Microsoft	N/A	Microsoft Exchange Server 2003 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS06-029

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Exchange Server 2000 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2003 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 est pr\u00e9sente dans le service Microsoft Outlook Web\nAccess (OWA) dans le traitement des messages \u00e9lectroniques. Cette\nvuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e par un utilisateur mal intentionn\u00e9,\nvia un message \u00e9l\u00e9ctronique contenant du code malveillant, pour faire\nex\u00e9cuter du code sur le navigateur d\u0027un utilisateur dans un certain\ncontexte.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-1193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1193"
    }
  ],
  "links": [],
  "reference": "CERTA-2006-AVI-243",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-06-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Attaque de type \u00ab cross site scripting \u00bb"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans Microsoft Exchange Server peut \u00eatre\nexploit\u00e9e par un utilisateur mal intentionn\u00e9 pour r\u00e9aliser une attaque\nde type \u00ab Cross Site Scripting \u00bb.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Exchange Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-029",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-029.mspx"
    }
  ]
}

CERTA-2006-AVI-243

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité présente dans Microsoft Exchange Server peut être exploitée par un utilisateur mal intentionné pour réaliser une attaque de type « Cross Site Scripting ».

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	N/A	Microsoft Exchange Server 2000 ;
	Microsoft	N/A	Microsoft Exchange Server 2003 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS06-029

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Exchange Server 2000 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2003 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 est pr\u00e9sente dans le service Microsoft Outlook Web\nAccess (OWA) dans le traitement des messages \u00e9lectroniques. Cette\nvuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e par un utilisateur mal intentionn\u00e9,\nvia un message \u00e9l\u00e9ctronique contenant du code malveillant, pour faire\nex\u00e9cuter du code sur le navigateur d\u0027un utilisateur dans un certain\ncontexte.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-1193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1193"
    }
  ],
  "links": [],
  "reference": "CERTA-2006-AVI-243",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-06-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Attaque de type \u00ab cross site scripting \u00bb"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans Microsoft Exchange Server peut \u00eatre\nexploit\u00e9e par un utilisateur mal intentionn\u00e9 pour r\u00e9aliser une attaque\nde type \u00ab Cross Site Scripting \u00bb.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Exchange Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-029",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-029.mspx"
    }
  ]
}

GHSA-9H8H-P8V4-RXC6

Vulnerability from github – Published: 2022-05-01 06:46 – Updated: 2022-05-01 06:46

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-1193"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-06-13T19:06:00Z",
    "severity": "LOW"
  },
  "details": "Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to \"HTML parsing.\"",
  "id": "GHSA-9h8h-p8v4-rxc6",
  "modified": "2022-05-01T06:46:47Z",
  "published": "2022-05-01T06:46:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-1193"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-029"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25550"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1070"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1161"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1315"
    },
    {
      "type": "WEB",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046892.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20634"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016280"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/138188"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/26441"
    },
    {
      "type": "WEB",
      "url": "http://www.sec-consult.com/fileadmin/Advisories/20060613-0_owa_xss_noexploit.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/18381"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/2326"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2006-1193

Vulnerability from fkie_nvd - Published: 2006-06-13 19:06 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046892.html	Mailing List, Third Party Advisory
secure@microsoft.com	http://secunia.com/advisories/20634	Patch, Third Party Advisory
secure@microsoft.com	http://securitytracker.com/id?1016280	Patch, Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.kb.cert.org/vuls/id/138188	Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.osvdb.org/26441	Broken Link
secure@microsoft.com	http://www.sec-consult.com/fileadmin/Advisories/20060613-0_owa_xss_noexploit.txt	Third Party Advisory
secure@microsoft.com	http://www.securityfocus.com/bid/18381	Patch, Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA06-164A.html	Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2006/2326	Permissions Required
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-029	Patch, Vendor Advisory
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/25550	Third Party Advisory, VDB Entry
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1070	Third Party Advisory
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1161	Third Party Advisory
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1315	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046892.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20634	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016280	Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/138188	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/26441	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.sec-consult.com/fileadmin/Advisories/20060613-0_owa_xss_noexploit.txt	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18381	Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-164A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2326	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-029	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/25550	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1070	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1161	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1315	Third Party Advisory

Impacted products

Vendor	Product	Version
microsoft	exchange_server	2000
microsoft	exchange_server	2000
microsoft	exchange_server	2000

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2000:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "34300FD4-EC3B-4206-B6C0-1345F17EC5EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "47132D0D-7691-40A3-A4BF-37D2ACE580C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "E88E31D4-1120-4A18-BA65-E2C96B35E599",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to \"HTML parsing.\""
    }
  ],
  "id": "CVE-2006-1193",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-06-13T19:06:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046892.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/20634"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1016280"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/138188"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/26441"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.sec-consult.com/fileadmin/Advisories/20060613-0_owa_xss_noexploit.txt"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/18381"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2326"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-029"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25550"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1070"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1161"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046892.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/20634"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1016280"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/138188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/26441"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.sec-consult.com/fileadmin/Advisories/20060613-0_owa_xss_noexploit.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/18381"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-029"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25550"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1161"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1315"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-1193 (GCVE-0-2006-1193)

GSD-2006-1193

CERTA-2006-AVI-243

Description

Solution

CERTA-2006-AVI-243

Description

Solution

GHSA-9H8H-P8V4-RXC6

FKIE_CVE-2006-1193

Tags

Sightings

Nomenclature