CVE-2006-3934

Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt	Exploit Patch
http://secunia.com/advisories/21193	Exploit Patch Vendor Advisory
http://securityreason.com/securityalert/1302
http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip	Patch
http://www.opencms.org/opencms/en/shownews.html?id=1002	Patch
http://www.securityfocus.com/archive/1/441182/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/28000
http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt	Exploit Patch
http://secunia.com/advisories/21193	Exploit Patch Vendor Advisory
http://securityreason.com/securityalert/1302
http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip	Patch
http://www.opencms.org/opencms/en/shownews.html?id=1002	Patch
http://www.securityfocus.com/archive/1/441182/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/28000

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:alkacon:opencms::::::::
	cpe:2.3:a:alkacon:opencms:6.0.0:::::::*
	cpe:2.3:a:alkacon:opencms:6.0.2:::::::*
	cpe:2.3:a:alkacon:opencms:6.0.3:::::::*
	cpe:2.3:a:alkacon:opencms:6.0.4:::::::*
	cpe:2.3:a:alkacon:opencms:6.2:::::::*

History

21 Nov 2024, 00:14

Type	Values Removed	Values Added
References	~~() http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt - Exploit, Patch~~	() http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt - Exploit, Patch
References	~~() http://secunia.com/advisories/21193 - Exploit, Patch, Vendor Advisory~~	() http://secunia.com/advisories/21193 - Exploit, Patch, Vendor Advisory
References	~~() http://securityreason.com/securityalert/1302 -~~	() http://securityreason.com/securityalert/1302 -
References	~~() http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip - Patch~~	() http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip - Patch
References	~~() http://www.opencms.org/opencms/en/shownews.html?id=1002 - Patch~~	() http://www.opencms.org/opencms/en/shownews.html?id=1002 - Patch
References	~~() http://www.securityfocus.com/archive/1/441182/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/441182/100/0/threaded -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/28000 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/28000 -

Information

Published : 2006-07-31 22:04

Updated : 2024-11-21 00:14

NVD link : CVE-2006-3934

Mitre link : CVE-2006-3934

CVE.ORG link : CVE-2006-3934

JSON object : View

Products Affected

alkacon

opencms

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

4.0 /10