Lucene search

[email protected]CVE-2006-3798

HistoryJul 24, 2006 - 12:19 p.m.

CVE-2006-3798

2006-07-2412:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

deluxebb

1.07

remote attackers

variable overwrite

security vulnerabilities

pollution of global namespace

cve-2006-3798

nvd

7.6 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.5%

JSON

DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) _GET, (2) _POST, (3) _ENV, and (4) _SERVER variables via the _COOKIE (aka COOKIE) variable, which can overwrite the other variables during an extract function call, probably leading to multiple security vulnerabilities, aka “pollution of the global namespace.”

CPENameOperatorVersion
deluxebb:deluxebbdeluxebbeq1.05
deluxebb:deluxebbdeluxebbeq1.07
deluxebb:deluxebbdeluxebbeq1.06

CPE	Name	Operator	Version
deluxebb:deluxebb	deluxebb	eq	1.05
deluxebb:deluxebb	deluxebb	eq	1.07
deluxebb:deluxebb	deluxebb	eq	1.06

References

lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html

securityreason.com/securityalert/1254

www.securityfocus.com/archive/1/440435/100/0/threaded

www.securityfocus.com/bid/19052

7.6 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.5%

JSON

Related for CVE-2006-3798

cvelist1