Lucene search

[email protected]CVE-2006-6965

HistoryJan 29, 2007 - 5:28 p.m.

CVE-2006-6965

2007-01-2917:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

crlf injection

dokuwiki

cve-2006-6965

vulnerability

http response splitting

xss attacks

6.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

82.0%

JSON

CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter. NOTE: this issue can be leveraged for XSS attacks.

CPENameOperatorVersion
andreas_gohr:dokuwikiandreas gohr dokuwikieqrelease_2006-03-09
andreas_gohr:dokuwikiandreas gohr dokuwikieqrelease_2006-03-09e

CPE	Name	Operator	Version
andreas_gohr:dokuwiki	andreas gohr dokuwiki	eq	release_2006-03-09
andreas_gohr:dokuwiki	andreas gohr dokuwiki	eq	release_2006-03-09e

References

osvdb.org/31620

secunia.com/advisories/23926

secunia.com/advisories/24853

security.gentoo.org/glsa/glsa-200704-08.xml

sla.ckers.org/forum/read.php?3%2C880%2C1361#msg-1361

www.securityfocus.com/bid/22236

www.vupen.com/english/advisories/2007/0357

exchange.xforce.ibmcloud.com/vulnerabilities/31930

6.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

82.0%

JSON

Related for CVE-2006-6965

ubuntucve1 debiancve1 openvas2 nessus1 gentoo1 securityvulns1