Lucene search

[email protected]CVE-2006-3695

HistoryJul 21, 2006 - 2:03 p.m.

CVE-2006-3695

2006-07-2114:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

trac

security

docutils

xss

denial of service

6.2 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.037 Low

EPSS

Percentile

91.7%

JSON

Trac before 0.9.6 does not disable the “raw” or “include” commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.

CPENameOperatorVersion
edgewall_software:tracedgewall software tracle0.9.5

CPE	Name	Operator	Version
edgewall_software:trac	edgewall software trac	le	0.9.5

References

secunia.com/advisories/20958

secunia.com/advisories/21534

securitytracker.com/id?1016457

trac.edgewall.org/wiki/ChangeLog

www.debian.org/security/2006/dsa-1152

www.securityfocus.com/bid/18323

www.vupen.com/english/advisories/2006/2729

exchange.xforce.ibmcloud.com/vulnerabilities/27706

exchange.xforce.ibmcloud.com/vulnerabilities/27708

6.2 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.037 Low

EPSS

Percentile

91.7%

JSON

Related for CVE-2006-3695

osv2 github1 ubuntucve3 debiancve1 openvas7 nessus4 debian2 freebsd1 cve2 ubuntu1