CVE-2006-3379 - OpenCVE

Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 and 0.8.0 through 0.8.5 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Hiki Wiki	Hiki Wiki

Configuration 1 [-]

OR	cpe:2.3:a:hiki_wiki:hiki_wiki:0.6.0:::::::*
	cpe:2.3:a:hiki_wiki:hiki_wiki:0.6.1:::::::*
	cpe:2.3:a:hiki_wiki:hiki_wiki:0.6.2:::::::*
	cpe:2.3:a:hiki_wiki:hiki_wiki:0.6.3:::::::*
	cpe:2.3:a:hiki_wiki:hiki_wiki:0.6.4:::::::*
	cpe:2.3:a:hiki_wiki:hiki_wiki:0.6.5:::::::*
	cpe:2.3:a:hiki_wiki:hiki_wiki:0.8.0:::::::*
	cpe:2.3:a:hiki_wiki:hiki_wiki:0.8.1:::::::*
	cpe:2.3:a:hiki_wiki:hiki_wiki:0.8.2:::::::*
	cpe:2.3:a:hiki_wiki:hiki_wiki:0.8.3:::::::*
	cpe:2.3:a:hiki_wiki:hiki_wiki:0.8.4:::::::*
	cpe:2.3:a:hiki_wiki:hiki_wiki:0.8.5:::::::*

References

Link	Resource
http://hikiwiki.org/en/advisory20060703.html	Patch Vendor Advisory
http://jvn.jp/jp/JVN%2398836916/index.html
http://secunia.com/advisories/20741	Patch Vendor Advisory
http://secunia.com/advisories/21150
http://www.debian.org/security/2006/dsa-1119
http://www.osvdb.org/26970
http://www.securityfocus.com/bid/18785
http://www.vupen.com/english/advisories/2006/2643
https://exchange.xforce.ibmcloud.com/vulnerabilities/27507

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-07-06T20:00:00

Updated: 2017-07-19T15:57:01

Reserved: 2006-07-06T00:00:00

Link: CVE-2006-3379

JSON object: View

NVD Information

Status : Modified

Published: 2006-07-06T20:05:00.000

Modified: 2017-07-20T01:32:17.087

Link: CVE-2006-3379

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-07-03T00:00:00", "descriptions": [{"lang": "en", "value": "Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 and 0.8.0 through 0.8.5 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "18785", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18785"}, {"name": "26970", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26970"}, {"name": "21150", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21150"}, {"name": "DSA-1119", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-1119"}, {"name": "ADV-2006-2643", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2643"}, {"name": "JVN#98836916", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/jp/JVN%2398836916/index.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://hikiwiki.org/en/advisory20060703.html"}, {"name": "20741", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20741"}, {"name": "hiki-diff-dos(27507)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27507"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3379", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 and 0.8.0 through 0.8.5 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "18785", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18785"}, {"name": "26970", "refsource": "OSVDB", "url": "http://www.osvdb.org/26970"}, {"name": "21150", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21150"}, {"name": "DSA-1119", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1119"}, {"name": "ADV-2006-2643", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2643"}, {"name": "JVN#98836916", "refsource": "JVN", "url": "http://jvn.jp/jp/JVN%2398836916/index.html"}, {"name": "http://hikiwiki.org/en/advisory20060703.html", "refsource": "CONFIRM", "url": "http://hikiwiki.org/en/advisory20060703.html"}, {"name": "20741", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20741"}, {"name": "hiki-diff-dos(27507)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27507"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3379", "datePublished": "2006-07-06T20:00:00", "dateReserved": "2006-07-06T00:00:00", "dateUpdated": "2017-07-19T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hiki_wiki:hiki_wiki:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "54F63A0C-E0EF-4574-916E-15C3E7B3CD99", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiki_wiki:hiki_wiki:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B9CEAB59-1B9B-442E-B000-6E4B842EC9A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiki_wiki:hiki_wiki:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "859F6DB8-9A45-420D-8426-2E06EF1A6D6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiki_wiki:hiki_wiki:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "A5DF943E-2F0E-421E-85A1-C8D8B0141F81", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiki_wiki:hiki_wiki:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "F86D2CEE-9666-4B26-A85B-239DECDEEAD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiki_wiki:hiki_wiki:0.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "3798F776-8461-49B3-BD4F-FF1E81C65895", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiki_wiki:hiki_wiki:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A34AFA2-5A70-4548-B067-6C8EE8D5AEDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiki_wiki:hiki_wiki:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "43197C15-7844-4C6B-9215-421C0B59F229", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiki_wiki:hiki_wiki:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "117A6B8E-5962-42F1-BCB0-20A8494FB302", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiki_wiki:hiki_wiki:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "618510DE-A929-482C-89D2-1FA17A8DE587", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiki_wiki:hiki_wiki:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "A30A25F8-84FB-4677-9AE9-398DB408AC14", "vulnerable": true}, {"criteria": "cpe:2.3:a:hiki_wiki:hiki_wiki:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "A64ECAB6-1B36-41F5-A7C4-F477416F8DF1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 and 0.8.0 through 0.8.5 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case."}, {"lang": "es", "value": "Vulnerabilidad de complejidad algor\u00edtmica en Hiki Wiki v0.6.0 hasta v0.6.5 y v0.8.0 hasta v0.8.5 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU) mediante la realizaci\u00f3n de un diff entre p\u00e1ginas grandes manipuladas que disparan el peor caso."}], "id": "CVE-2006-3379", "lastModified": "2017-07-20T01:32:17.087", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-07-06T20:05:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://hikiwiki.org/en/advisory20060703.html"}, {"source": "cve@mitre.org", "url": "http://jvn.jp/jp/JVN%2398836916/index.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/20741"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/21150"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1119"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/26970"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18785"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2643"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27507"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}