CVE-2006-3695

medium

Description

Trac before 0.9.6 does not disable the "raw" or "include" directives when providing untrusted users with restructured text (reStructuredText) functionality from docutils. The "include" directive lets a remote attacker read arbitrary files the web server process can open, and the "raw" directive lets them inject unescaped HTML, so the result is arbitrary file disclosure, cross-site scripting (XSS), or a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.
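The following is an added example, not Trac's own code or patch: it renders the same constructed attacker input through docutils twice, once with the library defaults (the behaviour the description above attributes to Trac before 0.9.6) and once with the two docutils parser settings that control these directives, `raw_enabled` and `file_insertion_enabled`, turned off. The "secret" file it includes is a temporary file created by the example itself, standing in for something like trac.ini or /etc/passwd; the function names and the `<script>` payload are likewise assumptions made for the demonstration. It requires the docutils package.

```python
"""Render untrusted reStructuredText with docutils: default settings versus
hardened settings. Added example for CVE-2006-3695; not Trac's code.
Requires docutils (pip install docutils)."""
import os
import tempfile

from docutils.core import publish_parts

# Parser settings a renderer must override before feeding docutils reST
# written by untrusted users. Both default to True in docutils.
HARDENED_SETTINGS = {
    # Disables the "raw" directive and the "raw" role (blocks arbitrary HTML).
    "raw_enabled": False,
    # Disables "include" and the :file:/:url: options of "raw" (blocks file reads).
    "file_insertion_enabled": False,
    # Keep warnings in the output so the refusal is visible to the reader.
    "report_level": 2,
    # Never raise on problems in user input; they become system messages.
    "halt_level": 5,
}


def render(source, settings_overrides=None):
    """Return the HTML body docutils produces for `source`."""
    parts = publish_parts(source, writer_name="html",
                          settings_overrides=settings_overrides or {})
    return parts["body"]


def untrusted_document(secret_path):
    """Constructed attacker input: an XSS payload via "raw" and a file read via "include"."""
    return (
        "Harmless heading\n"
        "================\n\n"
        ".. raw:: html\n\n"
        "   <script>alert(document.cookie)</script>\n\n"
        ".. include:: %s\n" % secret_path
    )


def demo():
    """Render the same untrusted document with default and hardened settings.

    Returns (vulnerable_html, hardened_html). With defaults the script tag is
    emitted unescaped and the secret file's contents appear in the page; with
    HARDENED_SETTINGS both directives are replaced by a "directive disabled"
    system message whose literal block shows the escaped source instead.
    """
    # Constructed secret file, deleted again once rendering is done.
    fd, secret_path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "w") as fh:
        fh.write("SECRET-DB-PASSWORD=hunter2\n")
    try:
        vulnerable = render(untrusted_document(secret_path))
        hardened = render(untrusted_document(secret_path), HARDENED_SETTINGS)
    finally:
        os.unlink(secret_path)
    return vulnerable, hardened


if __name__ == "__main__":
    vuln, hard = demo()
    print("=== default settings ===")
    print(vuln)
    print("=== hardened settings ===")
    print(hard)
```

Disabling the directives at the docutils settings layer is the check to look for when reviewing any wiki or ticket renderer that accepts reST: a regex screen for `.. raw::` or `.. include::` in the input is not equivalent, because the same capability is reachable through `.. role:: name(raw)` and through the `:file:` and `:url:` options of "raw", all of which these two settings cover.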

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/27708

https://exchange.xforce.ibmcloud.com/vulnerabilities/27706

http://www.vupen.com/english/advisories/2006/2729

http://www.securityfocus.com/bid/18323

http://www.debian.org/security/2006/dsa-1152

http://trac.edgewall.org/wiki/ChangeLog

http://securitytracker.com/id?1016457

http://secunia.com/advisories/21534

http://secunia.com/advisories/20958

Details

Source: Mitre, NVD

Published: 2006-07-21

Updated: 2017-07-20

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium