{"api_version":"1","generated_at":"2026-07-10T17:06:03+00:00","cve":"CVE-2006-3695","urls":{"html":"https://cve.report/CVE-2006-3695","api":"https://cve.report/api/cve/CVE-2006-3695.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-3695","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-3695"},"summary":{"title":"CVE-2006-3695","description":"Trac before 0.9.6 does not disable the \"raw\" or \"include\" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-07-21 14:03:00","updated_at":"2017-07-20 01:32:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://secunia.com/advisories/21534","name":"21534","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Debian update for trac - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/20958","name":"20958","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Trac \"reStructuredText\" Directives Vulnerability - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2006/dsa-1152","name":"DSA-1152","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-1152-1 trac","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1016457","name":"1016457","refsource":"SECTRACK","tags":[],"title":"Trac Lets Remote Users Obtain Information and Deny Service - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27708","name":"trac-restructuredtext-dos(27708)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://trac.edgewall.org/wiki/ChangeLog","name":"http://trac.edgewall.org/wiki/ChangeLog","refsource":"CONFIRM","tags":[],"title":"ChangeLog – The Trac Project","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/18323","name":"18323","refsource":"BID","tags":[],"title":"Trac Information Disclosure And Denial of Service Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27706","name":"trac-restructuredtext-obtain-information(27706)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/2729","name":"ADV-2006-2729","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-3695","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-3695","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"3695","vulnerable":"1","versionEndIncluding":"0.9.5","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"edgewall_software","cpe5":"trac","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-3695","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Trac before 0.9.6 does not disable the \"raw\" or \"include\" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"trac-restructuredtext-obtain-information(27706)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27706"},{"name":"ADV-2006-2729","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/2729"},{"name":"20958","refsource":"SECUNIA","url":"http://secunia.com/advisories/20958"},{"name":"1016457","refsource":"SECTRACK","url":"http://securitytracker.com/id?1016457"},{"name":"18323","refsource":"BID","url":"http://www.securityfocus.com/bid/18323"},{"name":"trac-restructuredtext-dos(27708)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27708"},{"name":"DSA-1152","refsource":"DEBIAN","url":"http://www.debian.org/security/2006/dsa-1152"},{"name":"21534","refsource":"SECUNIA","url":"http://secunia.com/advisories/21534"},{"name":"http://trac.edgewall.org/wiki/ChangeLog","refsource":"CONFIRM","url":"http://trac.edgewall.org/wiki/ChangeLog"}]}},"nvd":{"publishedDate":"2006-07-21 14:03:00","lastModifiedDate":"2017-07-20 01:32:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:edgewall_software:trac:*:*:*:*:*:*:*:*","versionEndIncluding":"0.9.5","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"3695","Ordinal":"19021","Title":"CVE-2006-3695","CVE":"CVE-2006-3695","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"3695","Ordinal":"1","NoteData":"Trac before 0.9.6 does not disable the \"raw\" or \"include\" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"3695","Ordinal":"2","NoteData":"2006-07-18","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"3695","Ordinal":"3","NoteData":"2017-07-19","Type":"Other","Title":"Modified"}]}}}