Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3798

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-3798
Last Modified 05 Sep 2008 05:08:05
Published 24 Jul 2006 08:19:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3798

Summary

DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) _GET, (2) _POST, (3) _ENV, and (4) _SERVER variables via the _COOKIE (aka COOKIE) variable, which can overwrite the other variables during an extract function call, probably leading to multiple security vulnerabilities, aka "pollution of the global namespace."

Vulnerable Systems

Application

  • Deluxebb 1.05

  • Deluxebb 1.06

  • Deluxebb 1.07


References

BUGTRAQ - 20060718 DeluxeBB mutiple vulnerabilities

BID - 19052

SREASON - 1254

FULLDISC - 20060718 Advisory : DeluxeBB mutiple vulnerabilities


Last Updated: 27 May 2016 10:43:08