CVE-2006-1627

high

Description

Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/25769

http://www.vupen.com/english/advisories/2006/1342

http://www.securityfocus.com/bid/17500

http://www.securityfocus.com/archive/1/430869/100/0/threaded

http://www.adobe.com/support/techdocs/322699.html

http://securitytracker.com/id?1015905

http://secunia.com/secunia_research/2005-68/advisory/

http://secunia.com/advisories/15924

Details

Source: Mitre, NVD

Published: 2006-04-13

Updated: 2018-10-18

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High