CVE-2011-1906
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756.
Trustwave WebDefend Enterprise anteriores a v5.07.01.903-1.4 almacena credenciales específicas de cuentas de usuario en una base de datos MySQL, lo que hace que sea más fácil para los atacantes remotos leer la tabla de recopilación de eventos a través de peticiones al puerto de gestión, una vulnerabilidad diferente de CVE-2011-0756.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-05-05 CVE Reserved
- 2011-05-05 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-255: Credentials Management Errors
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://securitytracker.com/id?1025447 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.trustwave.com/spiderlabs/advisories/TWSL2011-001.txt | 2011-05-31 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Trustwave Search vendor "Trustwave" | Webdefend Search vendor "Trustwave" for product "Webdefend" | <= 5.0 Search vendor "Trustwave" for product "Webdefend" and version " <= 5.0" | enterprise |
Affected
| ||||||
| Trustwave Search vendor "Trustwave" | Webdefend Search vendor "Trustwave" for product "Webdefend" | 2.0 Search vendor "Trustwave" for product "Webdefend" and version "2.0" | enterprise |
Affected
| ||||||
| Trustwave Search vendor "Trustwave" | Webdefend Search vendor "Trustwave" for product "Webdefend" | 3.0 Search vendor "Trustwave" for product "Webdefend" and version "3.0" | enterprise |
Affected
| ||||||