Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header.
References
Configurations
History
21 Nov 2024, 00:23
Type | Values Removed | Values Added |
---|---|---|
References | () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454 - Mailing List, Third Party Advisory | |
References | () http://marc.info/?l=bugtraq&m=116371297325564&w=2 - Mailing List, Third Party Advisory | |
References | () http://secunia.com/advisories/22967 - Broken Link, Permissions Required, Third Party Advisory | |
References | () http://sourceforge.net/project/shownotes.php?group_id=68912&release_id=466649 - Product | |
References | () http://www.osvdb.org/30544 - Broken Link | |
References | () http://www.securityfocus.com/bid/21102 - Broken Link, Third Party Advisory, VDB Entry | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/30451 - Third Party Advisory, VDB Entry |
25 Jan 2024, 02:20
Type | Values Removed | Values Added |
---|---|---|
References | (SECUNIA) http://secunia.com/advisories/22967 - Broken Link, Permissions Required, Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/21102 - Broken Link, Third Party Advisory, VDB Entry | |
References | (MISC) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454 - Mailing List, Third Party Advisory | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/30451 - Third Party Advisory, VDB Entry | |
References | (CONFIRM) http://sourceforge.net/project/shownotes.php?group_id=68912&release_id=466649 - Product | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 7.5 |
CWE | CWE-863 | |
CPE | cpe:2.3:a:pedro_lineu_orso:chetcpasswd:2.3.1:*:*:*:*:*:*:* cpe:2.3:a:pedro_lineu_orso:chetcpasswd:2.1:*:*:*:*:*:*:* cpe:2.3:a:pedro_lineu_orso:chetcpasswd:1.12:*:*:*:*:*:*:* cpe:2.3:a:pedro_lineu_orso:chetcpasswd:*:*:*:*:*:*:*:* |
cpe:2.3:a:chetcpasswd_project:chetcpasswd:*:*:*:*:*:*:*:* |
First Time |
Chetcpasswd Project
Chetcpasswd Project chetcpasswd |
Information
Published : 2006-12-21 19:28
Updated : 2024-11-21 00:23
NVD link : CVE-2006-6679
Mitre link : CVE-2006-6679
CVE.ORG link : CVE-2006-6679
JSON object : View
Products Affected
chetcpasswd_project
- chetcpasswd
CWE
CWE-863
Incorrect Authorization