Lucene search

[email protected]CVE-2006-6629

HistoryDec 18, 2006 - 11:28 a.m.

CVE-2006-6629

2006-12-1811:28:00

[email protected]

web.nvd.nist.gov

webwork

pg language

2.3.1

security vulnerability

file loading

regular expression

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.7%

JSON

lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl.

Affected configurations

NVD

Node

webworkprogram_generation_languageRange≤2.3

CPENameOperatorVersion
webwork:program_generation_languagewebwork program generation languagele2.3

CPE	Name	Operator	Version
webwork:program_generation_language	webwork program generation language	le	2.3

References

devel.webwork.rochester.edu/twiki/bin/view/Webwork/PGLanguageRelease2pt3pt1

www.securityfocus.com/bid/21614

www.vupen.com/english/advisories/2006/5026

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.7%

JSON

Related for CVE-2006-6629

cvelist1 nvd1