cve-2006-5835
Vulnerability from cvelistv5
Published
2006-11-10 01:00
Modified
2024-08-07 20:04
Severity ?
EPSS score ?
Summary
The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:04:55.605Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1017203", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017203" }, { "name": "20960", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20960" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21248026" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdf" }, { "name": "lotusnotes-nrpc-information-disclosure(30118)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30118" }, { "name": "22741", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22741" }, { "name": "ADV-2006-4411", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4411" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-07T00:00:00", "descriptions": [ { "lang": "en", "value": "The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1017203", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017203" }, { "name": "20960", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20960" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21248026" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdf" }, { "name": "lotusnotes-nrpc-information-disclosure(30118)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30118" }, { "name": "22741", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22741" }, { "name": "ADV-2006-4411", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4411" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5835", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1017203", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017203" }, { "name": "20960", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20960" }, { "name": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21248026", "refsource": "CONFIRM", "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21248026" }, { "name": "http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdf", "refsource": "MISC", "url": "http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdf" }, { "name": "lotusnotes-nrpc-information-disclosure(30118)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30118" }, { "name": "22741", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22741" }, { "name": "ADV-2006-4411", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4411" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5835", "datePublished": "2006-11-10T01:00:00", "dateReserved": "2006-11-09T00:00:00", "dateUpdated": "2024-08-07T20:04:55.605Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "fkie_nvd": { "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:lotus_notes:5.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D4B2601-B62F-4235-BFFD-281235737450\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:lotus_notes:5.0.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"273DF27B-9441-4925-BD7E-5709D7D059EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E234AD1-7202-421E-82C8-880E84876021\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:lotus_notes:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55D037CC-1207-48E2-882E-8B236EE7138F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:lotus_notes:6.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5059BEF2-84EB-4B5F-84F5-9E3200B068F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:lotus_notes:6.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB71B7AA-957B-46A6-9BC9-CE23EC721189\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:lotus_notes:6.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46CF28C0-51AD-4783-B1F0-205DF64D133A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:lotus_notes:6.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C0015A2-A70E-4B0C-B59A-44F5F611293D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1360A50E-C1E1-4690-874A-04CC7C1A77CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D94927A9-61FD-459F-9A6D-E581A4AF505C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3B32BA2-9EB7-4294-A857-226A5B1CC401\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF64CA16-6C20-42E1-BA68-BD63A873BFA9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12D7DD7B-CA90-44A5-9B7B-4A4985150689\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:lotus_notes:6.5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C63D40DF-C6F3-4502-9816-939265F10532\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68AEB13D-C7C6-426F-8484-85EFF7245DF5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:lotus_notes:7.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"94646433-DE15-4214-9C78-7D1DAB5A12D9\"}]}]}]", "descriptions": "[{\"lang\": \"en\", \"value\": \"The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file.\"}, {\"lang\": \"es\", \"value\": \"El protocolo de Notes Remote Procedure Call (NRPC) en el IBM Lotus Notes Domino en versiones anteriores a la 6.5.5 FP2 y 7.x antes de la 7.0.2 no requiere autenticaci\\u00f3n para realizar b\\u00fasqueda de usuarios, lo que permite a atacantes remotos la obtenci\\u00f3n de los ficheros de identificaci\\u00f3n (ID) de los usuarios.\"}]", "id": "CVE-2006-5835", "lastModified": "2024-11-21T00:20:45.053", "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", "published": "2006-11-10T01:07:00.000", "references": "[{\"url\": \"http://secunia.com/advisories/22741\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1017203\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21248026\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdf\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/20960\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/4411\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/30118\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/22741\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1017203\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21248026\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/20960\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/4411\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/30118\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]", "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]" }, "nvd": "{\"cve\":{\"id\":\"CVE-2006-5835\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-11-10T01:07:00.000\",\"lastModified\":\"2024-11-21T00:20:45.053\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file.\"},{\"lang\":\"es\",\"value\":\"El protocolo de Notes Remote Procedure Call (NRPC) en el IBM Lotus Notes Domino en versiones anteriores a la 6.5.5 FP2 y 7.x antes de la 7.0.2 no requiere autenticaci\u00f3n para realizar b\u00fasqueda de usuarios, lo que permite a atacantes remotos la obtenci\u00f3n de los ficheros de identificaci\u00f3n (ID) de los usuarios.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:lotus_notes:5.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D4B2601-B62F-4235-BFFD-281235737450\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:lotus_notes:5.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"273DF27B-9441-4925-BD7E-5709D7D059EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E234AD1-7202-421E-82C8-880E84876021\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:lotus_notes:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55D037CC-1207-48E2-882E-8B236EE7138F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:lotus_notes:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5059BEF2-84EB-4B5F-84F5-9E3200B068F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:lotus_notes:6.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB71B7AA-957B-46A6-9BC9-CE23EC721189\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:lotus_notes:6.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46CF28C0-51AD-4783-B1F0-205DF64D133A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:lotus_notes:6.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C0015A2-A70E-4B0C-B59A-44F5F611293D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1360A50E-C1E1-4690-874A-04CC7C1A77CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D94927A9-61FD-459F-9A6D-E581A4AF505C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3B32BA2-9EB7-4294-A857-226A5B1CC401\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF64CA16-6C20-42E1-BA68-BD63A873BFA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12D7DD7B-CA90-44A5-9B7B-4A4985150689\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:lotus_notes:6.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C63D40DF-C6F3-4502-9816-939265F10532\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68AEB13D-C7C6-426F-8484-85EFF7245DF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:lotus_notes:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94646433-DE15-4214-9C78-7D1DAB5A12D9\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/22741\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017203\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21248026\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/20960\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/4411\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/30118\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/22741\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017203\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21248026\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/20960\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/4411\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/30118\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.