Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.4
CVE Id CVE-2006-1126
Last Modified 07 Mar 2011 09:32:06
Published 09 Mar 2006 05:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1126

Summary

Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR.

Vulnerable Systems

Application

  • Gallery Project Gallery 2.0.2


References

MISC - http://www.gulftech.org/?node=research&article_id=00106-03022006

SECTRACK - 1015717

SECUNIA - 19104

BUGTRAQ - 20060303 Gallery 2 Multiple Vulnerabilities

VUPEN - ADV-2006-0813

XF - gallery-header-spoofing(25120)

CONFIRM - http://gallery.menalto.com/gallery_2.0.3_released


Last Updated: 27 May 2016 10:41:56