Lucene search

GoogleOSV:PYSEC-2006-2

HistoryJul 21, 2006 - 2:03 p.m.

PYSEC-2006-2

2006-07-2114:03:00

Google

osv.dev

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

Trac before 0.9.6 does not disable the “raw” or “include” commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.

CPENameOperatorVersion
traceq0.9
traceq0.8.4

CPE	Name	Operator	Version
	trac	eq	0.9
	trac	eq	0.8.4

References

secunia.com/advisories/20958

secunia.com/advisories/21534

securitytracker.com/id?1016457

trac.edgewall.org/wiki/ChangeLog

www.debian.org/security/2006/dsa-1152

www.securityfocus.com/bid/18323

www.vupen.com/english/advisories/2006/2729

exchange.xforce.ibmcloud.com/vulnerabilities/27706

exchange.xforce.ibmcloud.com/vulnerabilities/27708

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

Related for OSV:PYSEC-2006-2