Lucene search

[email protected]NVD:CVE-2006-2743

HistoryJun 01, 2006 - 10:02 a.m.

CVE-2006-2743

2006-06-0110:02:00

[email protected]

web.nvd.nist.gov

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.033 Low

EPSS

Percentile

91.4%

JSON

Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.

Affected configurations

NVD

Node

drupaldrupalMatch4.6

drupaldrupalMatch4.6.0

drupaldrupalMatch4.6.1

drupaldrupalMatch4.6.2

drupaldrupalMatch4.6.3

drupaldrupalMatch4.6.4

drupaldrupalMatch4.6.5

drupaldrupalMatch4.6.6

drupaldrupalMatch4.7.0

References

drupal.org/node/65409

secunia.com/advisories/20140

secunia.com/advisories/21244

www.debian.org/security/2006/dsa-1125

www.securityfocus.com/archive/1/435794/100/0/threaded

www.securityfocus.com/bid/18245

www.vupen.com/english/advisories/2006/1975

exchange.xforce.ibmcloud.com/vulnerabilities/26655

www.exploit-db.com/exploits/1821

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.033 Low

EPSS

Percentile

91.4%

JSON

Related for NVD:CVE-2006-2743

cvelist2 cve2 prion2 ubuntucve2 nessus2 nvd1 freebsd1 openvas6 osv1 debian2