CVE-2006-3695

Published: 21/07/2006 Updated: 20/07/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Trac prior to 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote malicious users to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.

Vulnerable Product

edgewall software trac

Vendor Advisories

Felix Wiemann discovered that trac, an enhanced Wiki and issue tracking system for software development projects, can be used to disclose arbitrary local files. To fix this problem, python-docutils needs to be updated as well. For the stable distribution (sarge) this problem has been fixed in version 0.8.1-3sarge5 of trac and version 0.3.7-2sarge1 ...