CVE-2006-3831

The Backup selection in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier uses predicable filenames for database backups and stores the files under the web root with insufficient access control, which allows remote attackers to obtain sensitive information by downloading a backup file.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/21066	Vendor Advisory
http://securityreason.com/securityalert/1271
http://securitytracker.com/id?1016515
http://www.acid-root.new.fr/advisories/boastmachine.txt
http://www.securityfocus.com/archive/1/440306/100/0/threaded

Configurations

Configuration 1 (hide)

cpe:2.3:a:kailash_nadh:boastmachine:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-07-25 13:22

Updated : 2024-02-28 10:42

NVD link : CVE-2006-3831

Mitre link : CVE-2006-3831

CVE.ORG link : CVE-2006-3831

JSON object : View

Products Affected

kailash_nadh

boastmachine

CWE

NVD-CWE-Other

{"id": "CVE-2006-3831", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-07-25T13:22:00.000", "references": [{"url": "http://secunia.com/advisories/21066", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1271", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1016515", "source": "cve@mitre.org"}, {"url": "http://www.acid-root.new.fr/advisories/boastmachine.txt", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/440306/100/0/threaded", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Backup selection in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier uses predicable filenames for database backups and stores the files under the web root with insufficient access control, which allows remote attackers to obtain sensitive information by downloading a backup file."}, {"lang": "es", "value": "La selecci\u00f3n de backup en Kailash Nadh boastMachine (formalmente bMachine) 3.1 y anteriores utiliza nombres de archivo predecibles para backups de bases de datos y almancena nombres de archivo bajo la raiz web con insuficientes controles de acceso, lo caul permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de la descarga del fichero de backup."}], "lastModified": "2018-10-17T21:31:42.080", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kailash_nadh:boastmachine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E07E0861-8D6F-4771-8260-E6490570B0C7", "versionEndIncluding": "3.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}