Lucene search

[email protected]CVE-2006-5932

HistoryNov 16, 2006 - 12:07 a.m.

CVE-2006-5932

2006-11-1600:07:00

[email protected]

web.nvd.nist.gov

cve

kahua

access control

authentication

nvd

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.025 Low

EPSS

Percentile

90.1%

JSON

Kahua before 0.7, when running multiple applications under a single supervisor, grants application access on the basis of username instead of username and database name, which allows remote authenticated users to obtain unauthorized access if different databases assign the same username to different user accounts.

Affected configurations

NVD

Node

kahuakahuaMatch0.1

kahuakahuaMatch0.2

kahuakahuaMatch0.3

kahuakahuaMatch0.4

kahuakahuaMatch0.5

kahuakahuaMatch0.6

CPENameOperatorVersion
kahua:kahuakahuaeq0.1
kahua:kahuakahuaeq0.2
kahua:kahuakahuaeq0.3
kahua:kahuakahuaeq0.4
kahua:kahuakahuaeq0.5
kahua:kahuakahuaeq0.6

CPE	Name	Operator	Version
kahua:kahua	kahua	eq	0.1
kahua:kahua	kahua	eq	0.2
kahua:kahua	kahua	eq	0.3
kahua:kahua	kahua	eq	0.4
kahua:kahua	kahua	eq	0.5
kahua:kahua	kahua	eq	0.6

References

secunia.com/advisories/22785

www.kahua.org/cgi-bin/kahua.fcgi/kahua-web/show/KSA/KSA2006-001

www.securityfocus.com/bid/21074

www.timedia.co.jp/news/2467470581

www.vupen.com/english/advisories/2006/4486

exchange.xforce.ibmcloud.com/vulnerabilities/30206

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.025 Low

EPSS

Percentile

90.1%

JSON

Related for CVE-2006-5932

cvelist1 nvd1