History: Aug 29, 2006 - 12:04 a.m.

CVE-2006-4432

2006-08-29 00:04:00
web.nvd.nist.gov
Tags: cve, 2006, 4432, directory traversal, vulnerability, zend platform, php, session identifier, remote attack, code injection, nvd

CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score: 7.8 High (Confidence: Low)
EPSS: 0.005 Low (Percentile: 76.6%)

Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code injection.

Affected configurations (NVD)

Node: zend zend_platform, Range: 2.2.1
