Lucene search

[email protected]CVE-2006-1095

HistoryMar 09, 2006 - 1:06 p.m.

CVE-2006-1095

2006-03-0913:06:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2006-1095

directory traversal

mod_python

code execution

apache

session cookie

7.4 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

24.4%

JSON

Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.

CPENameOperatorVersion
apache:mod_pythonapache mod pythoneq3.2.7

CPE	Name	Operator	Version
apache:mod_python	apache mod python	eq	3.2.7

References

secunia.com/advisories/19239

securitytracker.com/id?1015764

svn.apache.org/viewcvs.cgi/httpd/mod_python/branches/3.2.x/NEWS?rev=378945

www.cgisecurity.com/2006/02/07

www.modpython.org/fs_sec_warn.html

www.securityfocus.com/bid/16916

www.vupen.com/english/advisories/2006/0768

exchange.xforce.ibmcloud.com/vulnerabilities/24965

7.4 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

24.4%

JSON

Related for CVE-2006-1095

prion1 ubuntucve1