CVE-2006-6679

Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header.
References
Link Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454 Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=116371297325564&w=2 Mailing List Third Party Advisory
http://secunia.com/advisories/22967 Broken Link Permissions Required Third Party Advisory
http://sourceforge.net/project/shownotes.php?group_id=68912&release_id=466649 Product
http://www.osvdb.org/30544 Broken Link
http://www.securityfocus.com/bid/21102 Broken Link Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/30451 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:chetcpasswd_project:chetcpasswd:*:*:*:*:*:*:*:*

History

25 Jan 2024, 02:20

Type Values Removed Values Added
References (SECUNIA) http://secunia.com/advisories/22967 - Permissions Required, Third Party Advisory (SECUNIA) http://secunia.com/advisories/22967 - Broken Link, Permissions Required, Third Party Advisory
References (BID) http://www.securityfocus.com/bid/21102 - Third Party Advisory, VDB Entry (BID) http://www.securityfocus.com/bid/21102 - Broken Link, Third Party Advisory, VDB Entry
References (MISC) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454 - Third Party Advisory (MISC) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454 - Mailing List, Third Party Advisory
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/30451 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/30451 - Third Party Advisory, VDB Entry
References (CONFIRM) http://sourceforge.net/project/shownotes.php?group_id=68912&release_id=466649 - Patch (CONFIRM) http://sourceforge.net/project/shownotes.php?group_id=68912&release_id=466649 - Product
CVSS v2 : 7.5
v3 : unknown
v2 : 7.5
v3 : 7.5
CWE CWE-264 CWE-863
CPE cpe:2.3:a:pedro_lineu_orso:chetcpasswd:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:pedro_lineu_orso:chetcpasswd:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:pedro_lineu_orso:chetcpasswd:2.1:*:*:*:*:*:*:*
cpe:2.3:a:pedro_lineu_orso:chetcpasswd:1.12:*:*:*:*:*:*:*
cpe:2.3:a:pedro_lineu_orso:chetcpasswd:*:*:*:*:*:*:*:*
cpe:2.3:a:chetcpasswd_project:chetcpasswd:*:*:*:*:*:*:*:*
First Time Chetcpasswd Project
Chetcpasswd Project chetcpasswd

Information

Published : 2006-12-21 19:28

Updated : 2024-02-28 11:01


NVD link : CVE-2006-6679

Mitre link : CVE-2006-6679

CVE.ORG link : CVE-2006-6679


JSON object : View

Products Affected

chetcpasswd_project

  • chetcpasswd
CWE
CWE-863

Incorrect Authorization