Lucene search

[email protected]CVE-2006-2690

HistoryMay 31, 2006 - 10:06 a.m.

CVE-2006-2690

2006-05-3110:06:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-2690

eva-web

remote attackers

web server

security vulnerability

7.5 High

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.004 Low

EPSS

Percentile

74.1%

JSON

An unspecified script in EVA-Web 2.1.2 and earlier, probably index.php, allows remote attackers to obtain the full path of the web server via invalid (1) perso or (2) aide parameters.

CPENameOperatorVersion
eva-web:eva-webeva-weble2.1.2

CPE	Name	Operator	Version
eva-web:eva-web	eva-web	le	2.1.2

References

pridels0.blogspot.com/2006/05/eva-web-212-vuln.html

7.5 High

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.004 Low

EPSS

Percentile

74.1%

JSON

Related for CVE-2006-2690

prion1