Vulnerability Description
Easy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of an HTTP GET request, which accesses the alternate data stream.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Efs Software | Easy Address Book | 1.2 |
References
- http://secunia.com/advisories/22681Vendor Advisory
- http://www.securityfocus.com/bid/20861Exploit
- http://www.vupen.com/english/advisories/2006/4312
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29976
- https://www.exploit-db.com/exploits/2699
- http://secunia.com/advisories/22681Vendor Advisory
- http://www.securityfocus.com/bid/20861Exploit
- http://www.vupen.com/english/advisories/2006/4312
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29976
- https://www.exploit-db.com/exploits/2699
FAQ
What is CVE-2006-5715?
CVE-2006-5715 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Easy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of an HTTP GET requ...
How severe is CVE-2006-5715?
CVE-2006-5715 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5715?
Check the references section above for vendor advisories and patch information. Affected products include: Efs Software Easy Address Book.