Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1280

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-1280
Last Modified 07 Mar 2011 09:32:42
Published 19 Mar 2006 06:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1280

Summary

CGI::Session 4.03-1 does not set proper permissions on temporary files created in (1) Driver::File and (2) Driver::db_file, which allows local users to obtain privileged information, such as session keys, by viewing the files.

Vulnerable Systems

Application

  • Sherzod Ruzmetov Cgi Session 4.03


References

VUPEN - ADV-2006-0946

OSVDB - 23867

OSVDB - 23866

SECUNIA - 19211

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356555

XF - cgisession-driver-files-insecure-permissions(25283)

BID - 17099


Last Updated: 27 May 2016 10:42:00