Lucene search

[email protected]CVE-2006-4994

HistorySep 26, 2006 - 2:07 a.m.

CVE-2006-4994

2006-09-2602:07:00

[email protected]

web.nvd.nist.gov

cve-2006-4994

windows

search path

vulnerability

apache friends xampp

7.4 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted “Program Files” pathname.

Affected configurations

NVD

Node

apachefriendsxamppMatch1.5.2

CPENameOperatorVersion
apachefriends:xamppapachefriends xamppeq1.5.2

CPE	Name	Operator	Version
apachefriends:xampp	apachefriends xampp	eq	1.5.2

References

lists.grok.org.uk/pipermail/full-disclosure/2006-May/046218.html

secdev.zoller.lu/research/xamp1.htm

www.apachefriends.org/en/news-article%2C75557.html

www.securityfocus.com/archive/1/434699/30/4860/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/26581

7.4 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2006-4994

cvelist1 nvd1