CVE-2006-0993 – TippingPoint SMS Server Authentication Bypass Vulnerability

https://notcve.org/view.php?id=CVE-2006-0993

The web management interface in 3Com TippingPoint SMS Server before 2.2.1.4478 does not restrict access to certain directories, which might allow remote attackers to obtain potentially sensitive information such as configuration settings. This vulnerability may allow attackers to access sensitive information from vulnerable TippingPoint SMS servers. The specific flaw exists within the web management interface. Due to insufficient protections on specific directories, an attacker with access to the web interface may be able to view benign data such as the user manual. In the event that the device was being used for backup purposes, it may be possible for an attacker to identify additional information such as configuration settings. • http://secunia.com/advisories/20058 http://securityreason.com/securityalert/870 http://securitytracker.com/id?1016051 http://www.3com.com/securityalert/alerts/3COM-06-002.html http://www.osvdb.org/25360 http://www.securityfocus.com/archive/1/433432/100/0/threaded http://www.securityfocus.com/bid/17935 http://www.vupen.com/english/advisories/2006/1752 http://www.zerodayinitiative.com/advisories/ZDI-06-013.html https://exchange.xforce.ibmcloud.com/vulnerabilities/26338 •