{"api_version":"1","generated_at":"2026-04-23T11:33:09+00:00","cve":"CVE-2006-3290","urls":{"html":"https://cve.report/CVE-2006-3290","api":"https://cve.report/api/cve/CVE-2006-3290.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-3290","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-3290"},"summary":{"title":"CVE-2006-3290","description":"HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-06-28 23:05:00","updated_at":"2017-07-20 01:32:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://secunia.com/advisories/20870","name":"20870","refsource":"SECUNIA","tags":[],"title":"Cisco Wireless Control System Multiple Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27442","name":"cisco-wcs-http-information-disclosure(27442)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/2583","name":"ADV-2006-2583","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1016398","name":"1016398","refsource":"SECTRACK","tags":[],"title":"SecurityTracker.com Archives - Cisco Wireless Control System Lets Remote Users Read/Write Files, View Sensitive Information, Access the Systems, and Conduct Cross-Site Scripting Attacks","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml","name":"20060628 Multiple Vulnerabilities in Wireless Control System","refsource":"CISCO","tags":["Patch"],"title":"Cisco - Networking, Cloud, and Cybersecurity Solutions","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/26879","name":"26879","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.securityfocus.com/bid/18701","name":"18701","refsource":"BID","tags":[],"title":"Cisco Wireless Control System Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-3290","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-3290","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"3290","vulnerable":"1","versionEndIncluding":"3.2(51)","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"cisco","cpe5":"wireless_control_system","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3290","vulnerable":"1","versionEndIncluding":"3.2\\(51\\)","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"cisco","cpe5":"wireless_control_system","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-3290","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"ADV-2006-2583","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/2583"},{"name":"20870","refsource":"SECUNIA","url":"http://secunia.com/advisories/20870"},{"name":"cisco-wcs-http-information-disclosure(27442)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27442"},{"name":"20060628 Multiple Vulnerabilities in Wireless Control System","refsource":"CISCO","url":"http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml"},{"name":"1016398","refsource":"SECTRACK","url":"http://securitytracker.com/id?1016398"},{"name":"26879","refsource":"OSVDB","url":"http://www.osvdb.org/26879"},{"name":"18701","refsource":"BID","url":"http://www.securityfocus.com/bid/18701"}]}},"nvd":{"publishedDate":"2006-06-28 23:05:00","lastModifiedDate":"2017-07-20 01:32:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:cisco:wireless_control_system:*:*:*:*:*:*:*:*","versionEndIncluding":"3.2\\(51\\)","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"3290","Ordinal":"18615","Title":"CVE-2006-3290","CVE":"CVE-2006-3290","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"3290","Ordinal":"1","NoteData":"HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"3290","Ordinal":"2","NoteData":"2006-06-28","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"3290","Ordinal":"3","NoteData":"2017-07-19","Type":"Other","Title":"Modified"}]}}}