Lucene search

[email protected]CVE-2006-3936

HistoryJul 31, 2006 - 10:04 p.m.

CVE-2006-3936

2006-07-3122:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

alkacon opencms

cve-2006-3936

remote code execution

information security

nvd

6.7 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

67.3%

JSON

system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp.

CPENameOperatorVersion
alkacon:opencmsalkacon opencmseq6.0.3
alkacon:opencmsalkacon opencmseq6.0.4
alkacon:opencmsalkacon opencmseq6.0.0
alkacon:opencmsalkacon opencmseq6.2
alkacon:opencmsalkacon opencmseq6.0.2
alkacon:opencmsalkacon opencmseq6.2.1

CPE	Name	Operator	Version
alkacon:opencms	alkacon opencms	eq	6.0.3
alkacon:opencms	alkacon opencms	eq	6.0.4
alkacon:opencms	alkacon opencms	eq	6.0.0
alkacon:opencms	alkacon opencms	eq	6.2
alkacon:opencms	alkacon opencms	eq	6.0.2
alkacon:opencms	alkacon opencms	eq	6.2.1

References

o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt

secunia.com/advisories/21193

securityreason.com/securityalert/1302

www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip

www.opencms.org/opencms/en/shownews.html?id=1002

www.securityfocus.com/archive/1/441182/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/28001

6.7 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

67.3%

JSON

Related for CVE-2006-3936

github1 osv1 nessus1