Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-1386
Last Modified 07 Mar 2011 09:32:57
Published 26 Mar 2006 05:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1386

Summary

The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote attackers to read restricted areas and access restricted content in TWiki topics.

Vulnerable Systems

Application

  • TWiki 4.0
  • TWiki 4.0.1


References

VUPEN - ADV-2006-1116

CONFIRM - http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4RdiffPreviewAccess

XF - twiki-restricted-content-access(25444)

BID - 17268

SECTRACK - 1015843

SECUNIA - 19410


Last Updated: 27 May 2016 10:42:02