Vulnerability Description
The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitrix | Bitrix Site Manager | 4.0.0 |
References
- http://securityreason.com/securityalert/918
- http://securitytracker.com/id?1016121Exploit
- http://www.securityfocus.com/archive/1/434367/100/0/threaded
- http://www.vupen.com/english/advisories/2006/1858
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26542
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26548
- http://securityreason.com/securityalert/918
- http://securitytracker.com/id?1016121Exploit
- http://www.securityfocus.com/archive/1/434367/100/0/threaded
- http://www.vupen.com/english/advisories/2006/1858
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26542
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26548
FAQ
What is CVE-2006-2479?
CVE-2006-2479 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbit...
How severe is CVE-2006-2479?
CVE-2006-2479 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2479?
Check the references section above for vendor advisories and patch information. Affected products include: Bitrix Bitrix Site Manager.