CVE-2006-1386

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-1386
The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote attackers to read restricted areas and access restricted content in TWiki topics.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://secunia.com/advisories/19410
http://securitytracker.com/id?1015843
http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4RdiffPreviewAccess
http://www.securityfocus.com/bid/17268
http://www.vupen.com/english/advisories/2006/1116
https://exchange.xforce.ibmcloud.com/vulnerabilities/25444
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:twiki:twiki:4.0:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:4.0.1:*:*:*:*:*:*:*
History

No history.

Information

Published : 2006-03-26 22:02

Updated : 2024-02-28 10:42

NVD link : CVE-2006-1386

Mitre link : CVE-2006-1386

CVE.ORG link : CVE-2006-1386

JSON object : View

Products Affected

twiki

  • twiki
CWE
NVD-CWE-Other