CVE-2006-3695

Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/20958	Vendor Advisory
http://secunia.com/advisories/21534	Vendor Advisory
http://securitytracker.com/id?1016457
http://trac.edgewall.org/wiki/ChangeLog
http://www.debian.org/security/2006/dsa-1152
http://www.securityfocus.com/bid/18323
http://www.vupen.com/english/advisories/2006/2729	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27706
https://exchange.xforce.ibmcloud.com/vulnerabilities/27708
http://secunia.com/advisories/20958	Vendor Advisory
http://secunia.com/advisories/21534	Vendor Advisory
http://securitytracker.com/id?1016457
http://trac.edgewall.org/wiki/ChangeLog
http://www.debian.org/security/2006/dsa-1152
http://www.securityfocus.com/bid/18323
http://www.vupen.com/english/advisories/2006/2729	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27706
https://exchange.xforce.ibmcloud.com/vulnerabilities/27708

Configurations

Configuration 1 (hide)

cpe:2.3:a:edgewall_software:trac:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:14

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/20958 - Vendor Advisory~~	() http://secunia.com/advisories/20958 - Vendor Advisory
References	~~() http://secunia.com/advisories/21534 - Vendor Advisory~~	() http://secunia.com/advisories/21534 - Vendor Advisory
References	~~() http://securitytracker.com/id?1016457 -~~	() http://securitytracker.com/id?1016457 -
References	~~() http://trac.edgewall.org/wiki/ChangeLog -~~	() http://trac.edgewall.org/wiki/ChangeLog -
References	~~() http://www.debian.org/security/2006/dsa-1152 -~~	() http://www.debian.org/security/2006/dsa-1152 -
References	~~() http://www.securityfocus.com/bid/18323 -~~	() http://www.securityfocus.com/bid/18323 -
References	~~() http://www.vupen.com/english/advisories/2006/2729 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2006/2729 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/27706 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/27706 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/27708 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/27708 -

Information

Published : 2006-07-21 14:03

Updated : 2025-04-03 01:03

NVD link : CVE-2006-3695

Mitre link : CVE-2006-3695

CVE.ORG link : CVE-2006-3695

JSON object : View

Products Affected

edgewall_software

trac

CWE

NVD-CWE-Other

6.8 /10