Search criteria
2 vulnerabilities by aep_networks
CVE-2006-5725 (GCVE-0-2006-5725)
Vulnerability from cvelistv5 – Published: 2006-11-04 01:00 – Updated: 2024-08-07 20:04
VLAI
Summary
The SSL server in AEP Smartgate 4.3b allows remote attackers to determine existence of directories via a direct request for a directory URI, which returns different HTTP status codes for existing and non-existing directories.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/22550 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/4224 | vdb-entryx_refsource_VUPEN |
| https://www.exploit-db.com/exploits/2637 | exploitx_refsource_EXPLOIT-DB |
| https://prdelka.blackart.org.uk/exploitz/prdelka-… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-10-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:54.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22550",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22550"
},
{
"name": "ADV-2006-4224",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4224"
},
{
"name": "2637",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2637"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://prdelka.blackart.org.uk/exploitz/prdelka-vs-AEP-smartgate.c"
},
{
"name": "smartgate-header-information-disclosure(29802)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29802"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SSL server in AEP Smartgate 4.3b allows remote attackers to determine existence of directories via a direct request for a directory URI, which returns different HTTP status codes for existing and non-existing directories."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22550",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22550"
},
{
"name": "ADV-2006-4224",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4224"
},
{
"name": "2637",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2637"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://prdelka.blackart.org.uk/exploitz/prdelka-vs-AEP-smartgate.c"
},
{
"name": "smartgate-header-information-disclosure(29802)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29802"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSL server in AEP Smartgate 4.3b allows remote attackers to determine existence of directories via a direct request for a directory URI, which returns different HTTP status codes for existing and non-existing directories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22550",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22550"
},
{
"name": "ADV-2006-4224",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4224"
},
{
"name": "2637",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2637"
},
{
"name": "https://prdelka.blackart.org.uk/exploitz/prdelka-vs-AEP-smartgate.c",
"refsource": "MISC",
"url": "https://prdelka.blackart.org.uk/exploitz/prdelka-vs-AEP-smartgate.c"
},
{
"name": "smartgate-header-information-disclosure(29802)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29802"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5725",
"datePublished": "2006-11-04T01:00:00.000Z",
"dateReserved": "2006-11-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:04:54.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5596 (GCVE-0-2006-5596)
Vulnerability from cvelistv5 – Published: 2006-10-28 00:00 – Updated: 2024-08-07 19:55
VLAI
Summary
Directory traversal vulnerability in the SSL server in AEP Smartgate 4.3b allows remote attackers to download arbitrary files via ..\ (dot dot backslash) sequences in an HTTP GET request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/22550 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/4224 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.exploit-db.com/exploits/2637 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/20722 | vdb-entryx_refsource_BID |
| https://prdelka.blackart.org.uk/exploitz/prdelka-… | x_refsource_MISC |
Date Public
2006-10-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:55:53.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22550",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22550"
},
{
"name": "ADV-2006-4224",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4224"
},
{
"name": "smartgate-http-directory-traversal(29817)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29817"
},
{
"name": "2637",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2637"
},
{
"name": "20722",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20722"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://prdelka.blackart.org.uk/exploitz/prdelka-vs-AEP-smartgate.c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the SSL server in AEP Smartgate 4.3b allows remote attackers to download arbitrary files via ..\\ (dot dot backslash) sequences in an HTTP GET request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22550",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22550"
},
{
"name": "ADV-2006-4224",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4224"
},
{
"name": "smartgate-http-directory-traversal(29817)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29817"
},
{
"name": "2637",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2637"
},
{
"name": "20722",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20722"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://prdelka.blackart.org.uk/exploitz/prdelka-vs-AEP-smartgate.c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5596",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the SSL server in AEP Smartgate 4.3b allows remote attackers to download arbitrary files via ..\\ (dot dot backslash) sequences in an HTTP GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22550",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22550"
},
{
"name": "ADV-2006-4224",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4224"
},
{
"name": "smartgate-http-directory-traversal(29817)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29817"
},
{
"name": "2637",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2637"
},
{
"name": "20722",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20722"
},
{
"name": "https://prdelka.blackart.org.uk/exploitz/prdelka-vs-AEP-smartgate.c",
"refsource": "MISC",
"url": "https://prdelka.blackart.org.uk/exploitz/prdelka-vs-AEP-smartgate.c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5596",
"datePublished": "2006-10-28T00:00:00.000Z",
"dateReserved": "2006-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:55:53.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}