Lucene search

[email protected]CVE-2006-6047

HistoryNov 22, 2006 - 12:07 a.m.

CVE-2006-6047

2006-11-2200:07:00

CWE-22

[email protected]

web.nvd.nist.gov

cve

2006

6047

directory traversal

vulnerability

etomite

remote

authenticated

administrators

php

apache

http

server

log file

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:M/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.024 Low

EPSS

Percentile

89.9%

JSON

Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a … (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.

Affected configurations

NVD

Node

etomiteetomiteMatch0.6.1.2

CPENameOperatorVersion
etomite:etomiteetomiteeq0.6.1.2

CPE	Name	Operator	Version
etomite:etomite	etomite	eq	0.6.1.2

References

secunia.com/advisories/22885

www.0xcafebabe.it/sploits/etm_0612_remote_com.pl

www.etomite.org/forums/index.php?showtopic=6388

www.securityfocus.com/archive/1/451838/100/0/threaded

www.securityfocus.com/archive/1/451930/100/0/threaded

www.securityfocus.com/bid/21135

www.vupen.com/english/advisories/2006/4558

exchange.xforce.ibmcloud.com/vulnerabilities/30329

www.exploit-db.com/exploits/2790

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:M/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.024 Low

EPSS

Percentile

89.9%

JSON

Related for CVE-2006-6047

cvelist1 nvd1