CVE-2006-3938 - OpenCVE

DotClear allows remote attackers to obtain sensitive information via a direct request for (1) edit_cat.php, (2) index.php, (3) edit_link.php in ecrire/tools/blogroll/; (4) syslog/index.php, (5) thememng/index.php, (6) toolsmng/index.php, (7) utf8convert/index.php in /ecrire/tools/; (8) /ecrire/inc/connexion.php and (9) /inc/session.php; (10) class.blog.php, (11) class.blogcomment.php, (12) and class.blogpost.php in /inc/classes/; (13) append.php, (14) class.xblog.php, (15) class.xblogcomment.php, and (16) class.xblogpost.php in /layout/; (17) form.php, (18) list.php, (19) post.php, or (20) template.php in /themes/default/, which reveal the installation path in error messages.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Dotclear	Dotclear

Configuration 1 [-]

OR	cpe:2.3:a:dotclear:dotclear:1.2.1:::::::*
	cpe:2.3:a:dotclear:dotclear:1.2.2:::::::*
	cpe:2.3:a:dotclear:dotclear:1.2.3:::::::*
	cpe:2.3:a:dotclear:dotclear:1.2.4:::::::*

References

Link	Resource
http://securityreason.com/securityalert/1307
http://www.osvdb.org/29812
http://www.osvdb.org/29813
http://www.osvdb.org/29814
http://www.osvdb.org/29815
http://www.osvdb.org/29816
http://www.osvdb.org/29817
http://www.osvdb.org/29818
http://www.osvdb.org/29820
http://www.osvdb.org/29821
http://www.osvdb.org/29822
http://www.osvdb.org/29823
http://www.osvdb.org/29824
http://www.osvdb.org/29825
http://www.osvdb.org/29826
http://www.osvdb.org/29827
http://www.osvdb.org/29828
http://www.osvdb.org/29829
http://www.osvdb.org/29830
http://www.osvdb.org/29831
http://www.securityfocus.com/archive/1/440874/100/100/threaded
http://www.securityfocus.com/archive/1/459820/100/0/threaded
http://zone14.free.fr/advisories/8/
https://exchange.xforce.ibmcloud.com/vulnerabilities/27913

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-07-31T22:00:00

Updated: 2018-10-17T20:57:01

Reserved: 2006-07-31T00:00:00

Link: CVE-2006-3938

JSON object: View

NVD Information

Status : Modified

Published: 2006-07-31T22:04:00.000

Modified: 2018-10-17T21:32:26.643

Link: CVE-2006-3938

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-07-22T00:00:00", "descriptions": [{"lang": "en", "value": "DotClear allows remote attackers to obtain sensitive information via a direct request for (1) edit_cat.php, (2) index.php, (3) edit_link.php in ecrire/tools/blogroll/; (4) syslog/index.php, (5) thememng/index.php, (6) toolsmng/index.php, (7) utf8convert/index.php in /ecrire/tools/; (8) /ecrire/inc/connexion.php and (9) /inc/session.php; (10) class.blog.php, (11) class.blogcomment.php, (12) and class.blogpost.php in /inc/classes/; (13) append.php, (14) class.xblog.php, (15) class.xblogcomment.php, and (16) class.xblogpost.php in /layout/; (17) form.php, (18) list.php, (19) post.php, or (20) template.php in /themes/default/, which reveal the installation path in error messages."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20070211 DotClear Full Path Disclosure Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/459820/100/0/threaded"}, {"name": "29814", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29814"}, {"name": "29828", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29828"}, {"name": "29825", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29825"}, {"name": "29816", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29816"}, {"name": "29826", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29826"}, {"name": "29817", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29817"}, {"name": "29815", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29815"}, {"name": "29818", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29818"}, {"name": "29812", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29812"}, {"name": "dotclear-multiple-path-disclosure(27913)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27913"}, {"name": "1307", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1307"}, {"name": "29830", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29830"}, {"name": "29821", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29821"}, {"name": "29827", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29827"}, {"name": "29831", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29831"}, {"name": "29820", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29820"}, {"name": "29829", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29829"}, {"tags": ["x_refsource_MISC"], "url": "http://zone14.free.fr/advisories/8/"}, {"name": "29823", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29823"}, {"name": "29813", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29813"}, {"name": "29824", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29824"}, {"name": "29822", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29822"}, {"name": "20060722 DotClear : Multiples Full Path Disclosure", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/440874/100/100/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3938", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "DotClear allows remote attackers to obtain sensitive information via a direct request for (1) edit_cat.php, (2) index.php, (3) edit_link.php in ecrire/tools/blogroll/; (4) syslog/index.php, (5) thememng/index.php, (6) toolsmng/index.php, (7) utf8convert/index.php in /ecrire/tools/; (8) /ecrire/inc/connexion.php and (9) /inc/session.php; (10) class.blog.php, (11) class.blogcomment.php, (12) and class.blogpost.php in /inc/classes/; (13) append.php, (14) class.xblog.php, (15) class.xblogcomment.php, and (16) class.xblogpost.php in /layout/; (17) form.php, (18) list.php, (19) post.php, or (20) template.php in /themes/default/, which reveal the installation path in error messages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20070211 DotClear Full Path Disclosure Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/459820/100/0/threaded"}, {"name": "29814", "refsource": "OSVDB", "url": "http://www.osvdb.org/29814"}, {"name": "29828", "refsource": "OSVDB", "url": "http://www.osvdb.org/29828"}, {"name": "29825", "refsource": "OSVDB", "url": "http://www.osvdb.org/29825"}, {"name": "29816", "refsource": "OSVDB", "url": "http://www.osvdb.org/29816"}, {"name": "29826", "refsource": "OSVDB", "url": "http://www.osvdb.org/29826"}, {"name": "29817", "refsource": "OSVDB", "url": "http://www.osvdb.org/29817"}, {"name": "29815", "refsource": "OSVDB", "url": "http://www.osvdb.org/29815"}, {"name": "29818", "refsource": "OSVDB", "url": "http://www.osvdb.org/29818"}, {"name": "29812", "refsource": "OSVDB", "url": "http://www.osvdb.org/29812"}, {"name": "dotclear-multiple-path-disclosure(27913)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27913"}, {"name": "1307", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1307"}, {"name": "29830", "refsource": "OSVDB", "url": "http://www.osvdb.org/29830"}, {"name": "29821", "refsource": "OSVDB", "url": "http://www.osvdb.org/29821"}, {"name": "29827", "refsource": "OSVDB", "url": "http://www.osvdb.org/29827"}, {"name": "29831", "refsource": "OSVDB", "url": "http://www.osvdb.org/29831"}, {"name": "29820", "refsource": "OSVDB", "url": "http://www.osvdb.org/29820"}, {"name": "29829", "refsource": "OSVDB", "url": "http://www.osvdb.org/29829"}, {"name": "http://zone14.free.fr/advisories/8/", "refsource": "MISC", "url": "http://zone14.free.fr/advisories/8/"}, {"name": "29823", "refsource": "OSVDB", "url": "http://www.osvdb.org/29823"}, {"name": "29813", "refsource": "OSVDB", "url": "http://www.osvdb.org/29813"}, {"name": "29824", "refsource": "OSVDB", "url": "http://www.osvdb.org/29824"}, {"name": "29822", "refsource": "OSVDB", "url": "http://www.osvdb.org/29822"}, {"name": "20060722 DotClear : Multiples Full Path Disclosure", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/440874/100/100/threaded"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3938", "datePublished": "2006-07-31T22:00:00", "dateReserved": "2006-07-31T00:00:00", "dateUpdated": "2018-10-17T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dotclear:dotclear:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "94896556-5D43-4C54-A49C-301511B69EB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotclear:dotclear:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "BE7B92DB-62E4-4F4F-BC57-2C5F646C13CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotclear:dotclear:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "49EEF727-A23D-47AE-BE4E-238290246BE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotclear:dotclear:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "860F6A6A-717B-4B94-B4D0-26C2BAC1E66D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "DotClear allows remote attackers to obtain sensitive information via a direct request for (1) edit_cat.php, (2) index.php, (3) edit_link.php in ecrire/tools/blogroll/; (4) syslog/index.php, (5) thememng/index.php, (6) toolsmng/index.php, (7) utf8convert/index.php in /ecrire/tools/; (8) /ecrire/inc/connexion.php and (9) /inc/session.php; (10) class.blog.php, (11) class.blogcomment.php, (12) and class.blogpost.php in /inc/classes/; (13) append.php, (14) class.xblog.php, (15) class.xblogcomment.php, and (16) class.xblogpost.php in /layout/; (17) form.php, (18) list.php, (19) post.php, or (20) template.php in /themes/default/, which reveal the installation path in error messages."}, {"lang": "es", "value": "DotClear permite a atacantes remotos obtener informaci\u00f3n confidencial mediante una petici\u00f3n directa de (1) edit_cat.php, (2) index.php, (3) edit_link.php en ecrire/tools/blogroll/; (4) syslog/index.php, (5) thememng/index.php, (6) toolsmng/index.php, (7) utf8convert/index.php en /ecrire/tools/; (8) /ecrire/inc/connexion.php y (9) /inc/session.php; (10) class.blog.php, (11) class.blogcomment.php, (12) y class.blogpost.php en /inc/classes/; (13) append.php, (14) class.xblog.php, (15) class.xblogcomment.php, y (16) class.xblogpost.php en /layout/; (17) form.php, (18) list.php, (19) post.php, or (20) template.php in /themes/default/, que revela la ruta de instalaci\u00f3n en mensajes de error."}], "id": "CVE-2006-3938", "lastModified": "2018-10-17T21:32:26.643", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-07-31T22:04:00.000", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1307"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/29812"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/29813"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/29814"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/29815"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/29816"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/29817"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/29818"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/29820"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/29821"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/29822"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/29823"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/29824"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/29825"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/29826"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/29827"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/29828"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/29829"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/29830"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/29831"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/440874/100/100/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/459820/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://zone14.free.fr/advisories/8/"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27913"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}