Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2006-0707
Last Modified 03 Jan 2013 12:00:00
Published 15 Feb 2006 06:06:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0707

Summary

PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable.

Vulnerable Systems

Application

  • Pyblosxom 1.2.1

  • Pyblosxom 1.3

  • Pyblosxom 1.3.1


References

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=391800

SECUNIA - 18858

VUPEN - ADV-2006-0571

XF - pyblosxom-pathinfo-information-disclosure(24730)

BID - 16641


Last Updated: 27 May 2016 11:01:31