CVE-2006-1386

The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote attackers to read restricted areas and access restricted content in TWiki topics.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/19410
http://securitytracker.com/id?1015843
http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4RdiffPreviewAccess
http://www.securityfocus.com/bid/17268
http://www.vupen.com/english/advisories/2006/1116
https://exchange.xforce.ibmcloud.com/vulnerabilities/25444
http://secunia.com/advisories/19410
http://securitytracker.com/id?1015843
http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4RdiffPreviewAccess
http://www.securityfocus.com/bid/17268
http://www.vupen.com/english/advisories/2006/1116
https://exchange.xforce.ibmcloud.com/vulnerabilities/25444

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:twiki:twiki:4.0:::::::*
	cpe:2.3:a:twiki:twiki:4.0.1:::::::*

History

21 Nov 2024, 00:08

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/19410 -~~	() http://secunia.com/advisories/19410 -
References	~~() http://securitytracker.com/id?1015843 -~~	() http://securitytracker.com/id?1015843 -
References	~~() http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4RdiffPreviewAccess -~~	() http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4RdiffPreviewAccess -
References	~~() http://www.securityfocus.com/bid/17268 -~~	() http://www.securityfocus.com/bid/17268 -
References	~~() http://www.vupen.com/english/advisories/2006/1116 -~~	() http://www.vupen.com/english/advisories/2006/1116 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/25444 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/25444 -

Information

Published : 2006-03-26 22:02

Updated : 2025-04-03 01:03

NVD link : CVE-2006-1386

Mitre link : CVE-2006-1386

CVE.ORG link : CVE-2006-1386

JSON object : View

Products Affected

twiki

twiki

CWE

NVD-CWE-Other

{"id": "CVE-2006-1386", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-03-26T22:02:00.000", "references": [{"url": "http://secunia.com/advisories/19410", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015843", "source": "cve@mitre.org"}, {"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4RdiffPreviewAccess", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/17268", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/1116", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25444", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/19410", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1015843", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4RdiffPreviewAccess", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/17268", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/1116", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25444", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote attackers to read restricted areas and access restricted content in TWiki topics."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:twiki:twiki:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0E0A8F3-02EE-4A6D-BAAC-1D52DF063197"}, {"criteria": "cpe:2.3:a:twiki:twiki:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47807C3A-8430-48E3-A7C8-C5A1FEDF84C0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}