Lucene search

MitreCVE-2006-6377

HistoryDec 07, 2006 - 5:28 p.m.

CVE-2006-6377

2006-12-0717:28:00

mitre

web.nvd.nist.gov

cve-2006-6377

uploadscript

security vulnerability

sensitive data

access control

admin password hash

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.079

Percentile

94.3%

JSON

Uploadscript 1.2 and earlier stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain the admin password hash via a direct request for /password.txt.

Affected configurations

Nvd

Node

uploadscriptuploadscriptRange≤1.2

VendorProductVersionCPE
uploadscriptuploadscript*cpe:2.3:a:uploadscript:uploadscript:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
uploadscript	uploadscript	*	cpe:2.3:a:uploadscript:uploadscript::::::::

References

secunia.com/advisories/23264

securityreason.com/securityalert/2003

www.securityfocus.com/archive/1/453644/100/0/threaded

www.securityfocus.com/archive/1/457696/100/0/threaded

www.vupen.com/english/advisories/2006/4893

exchange.xforce.ibmcloud.com/vulnerabilities/30747

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.079

Percentile

94.3%

JSON

Related for CVE-2006-6377