Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1095

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2006-1095
Last Modified 01 Apr 2011 12:00:00
Published 09 Mar 2006 08:06:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-1095

Summary

Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.

Vulnerable Systems

Application

  • Apache Mod Python 3.2.7


References

BID - 16916

MISC - http://www.cgisecurity.com/2006/02/07

SECTRACK - 1015764

SECUNIA - 19239

XF - modpython-filesession-command-execution(24965)

VUPEN - ADV-2006-0768

CONFIRM - http://www.modpython.org/fs_sec_warn.html

CONFIRM - http://svn.apache.org/viewcvs.cgi/httpd/mod_python/branches/3.2.x/NEWS?rev=378945


Last Updated: 27 May 2016 10:41:55