CVE-2006-3695
Summary
| CVE | CVE-2006-3695 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2006-07-21 14:03:00 UTC |
| Updated | 2017-07-20 01:32:00 UTC |
| Description | Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Edgewall Software | Trac | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Debian update for trac - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Trac "reStructuredText" Directives Vulnerability - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| Debian -- Security Information -- DSA-1152-1 trac | DEBIAN | www.debian.org | |
| Trac Lets Remote Users Obtain Information and Deny Service - SecurityTracker | SECTRACK | securitytracker.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| ChangeLog – The Trac Project | CONFIRM | trac.edgewall.org | |
| Trac Information Disclosure And Denial of Service Vulnerabilities | BID | www.securityfocus.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.