CVE-2006-6071

Sažetak

TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.

Reference

http://secunia.com/advisories/23189
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-6071
http://www.securityfocus.com/bid/21381
http://www.vupen.com/english/advisories/2006/4790
https://exchange.xforce.ibmcloud.com/vulnerabilities/30667

CVSS

Base:	9.0
Impact:	10.0
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

20-07-2017 - 01:34

Objavljeno

02-12-2006 - 02:28