CVE-2006-0227 — Server-Side Request Forgery in Solaris

CWE-918 — Server-Side Request Forgery CWE-547 — Use of Hard-coded, Security-relevant Constants5 documents5 sources

Severity

2.6LOWNVD

EPSS

0.1%

top 78.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Solaris SUN Sunos

Timeline

PublishedJan 17

Latest updateMay 1

Description

Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print service via unknown attack vectors.

CVSS vector

AV:L/AC:H/C:N/I:P/A:PExploitability: 1.9 | Impact: 4.9

Affected Packages2 packages

▶NVDsun/solaris10.0, 9.0+1

▶NVDsun/sunos5.8, 5.9+1

Patches

Patch: secunia.com ↗Patch: securitytracker.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-c92p-rfc8-xqwv: Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print servic↗2022-05-01

▶

GHSA

Server Side Request Forgery in Apache Axis↗2019-05-14

▶

CVEList

CVE-2006-0227: Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print servic↗2006-01-17

▶

📋Vendor Advisories

Red Hat

axis: Hard coded domain name in example web service named “StockQuoteService.jws” leading to remote code execution.↗2019-04-09

▶