Lucene search

[email protected]NVD:CVE-2006-2893

HistoryJun 07, 2006 - 10:02 a.m.

CVE-2006-2893

2006-06-0710:02:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.011

Percentile

84.3%

JSON

index.php in GANTTy 1.0.3 allows remote attackers to obtain the full path of the web server via an invalid lang parameter in an authenticate action.

Affected configurations

Nvd

Node

ganttyganttyMatch1.0.3

VendorProductVersionCPE
ganttygantty1.0.3cpe:2.3:a:gantty:gantty:1.0.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gantty	gantty	1.0.3	cpe:2.3:a:gantty:gantty:1.0.3:::::::*

References

secunia.com/advisories/20498

securityreason.com/securityalert/1060

www.securityfocus.com/archive/1/436125/100/0/threaded

www.securityfocus.com/bid/18296

www.vupen.com/english/advisories/2006/2188

exchange.xforce.ibmcloud.com/vulnerabilities/26964

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.011

Percentile

84.3%

JSON

Related for NVD:CVE-2006-2893

prion1 cvelist1 cve1