CVE-2006-3695

{"id": "CVE-2006-3695", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-07-21T14:03:00.000", "references": [{"url": "http://secunia.com/advisories/20958", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/21534", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1016457", "source": "cve@mitre.org"}, {"url": "http://trac.edgewall.org/wiki/ChangeLog", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2006/dsa-1152", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/18323", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/2729", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27706", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27708", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Trac before 0.9.6 does not disable the \"raw\" or \"include\" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458."}, {"lang": "es", "value": "Trac anterior a 0.9.6 no deshabilita los comandos \"raw\" o \"nclude\" cuando se mantiene a usuarios no v\u00e1lidos con la funcionalidad de texto reestructurado (reStructuredText) desde docutils, lo cual permite a atacantes remotos leer archivos de su elecci\u00f3n, realizando ataques de secuencias de comandos en sitios cruzados (XSS), o provocar denegaci\u00f3n de servicio a trav\u00e9s de vectores no especificados. NOTA: esto podr\u00eda estar relacionado con CVE-2006-3458."}], "lastModified": "2017-07-20T01:32:29.947", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:edgewall_software:trac:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FC0F377-A06F-42B8-ACDF-EB59F0C912F7", "versionEndIncluding": "0.9.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "Upgrade to 0.9.6"}