CVE-2006-4432 - OpenCVE

Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code injection.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Zend	Zend Platform

Configuration 1 [-]

cpe:2.3:a:zend:zend_platform:*:a:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/21573	Patch Vendor Advisory
http://securityreason.com/securityalert/1466
http://www.hardened-php.net/advisory_052006.128.html	Patch Vendor Advisory
http://www.osvdb.org/28232
http://www.securityfocus.com/archive/1/444263/100/0/threaded
http://www.vupen.com/english/advisories/2006/3388
https://exchange.xforce.ibmcloud.com/vulnerabilities/28576

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-08-29T00:00:00

Updated: 2018-10-17T20:57:01

Reserved: 2006-08-28T00:00:00

Link: CVE-2006-4432

JSON object: View

NVD Information

Status : Modified

Published: 2006-08-29T00:04:00.000

Modified: 2018-10-17T21:37:02.807

Link: CVE-2006-4432

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-08-24T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code injection."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20060824 Advisory 05/2006: Zend Platform Multiple Remote Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/444263/100/0/threaded"}, {"name": "28232", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28232"}, {"name": "1466", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1466"}, {"tags": ["x_refsource_MISC"], "url": "http://www.hardened-php.net/advisory_052006.128.html"}, {"name": "21573", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21573"}, {"name": "ADV-2006-3388", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3388"}, {"name": "zend-zendsession-directory-traversal(28576)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28576"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4432", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code injection."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060824 Advisory 05/2006: Zend Platform Multiple Remote Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/444263/100/0/threaded"}, {"name": "28232", "refsource": "OSVDB", "url": "http://www.osvdb.org/28232"}, {"name": "1466", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1466"}, {"name": "http://www.hardened-php.net/advisory_052006.128.html", "refsource": "MISC", "url": "http://www.hardened-php.net/advisory_052006.128.html"}, {"name": "21573", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21573"}, {"name": "ADV-2006-3388", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3388"}, {"name": "zend-zendsession-directory-traversal(28576)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28576"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4432", "datePublished": "2006-08-29T00:00:00", "dateReserved": "2006-08-28T00:00:00", "dateUpdated": "2018-10-17T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zend:zend_platform:*:a:*:*:*:*:*:*", "matchCriteriaId": "28C06ABE-CB34-4E41-A2A4-ACF259823F44", "versionEndIncluding": "2.2.1a", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code injection."}, {"lang": "es", "value": "Vulnerabilidad de atravesamiento de directorios en Zend Platform 2.2.1 y anteriores permite a atacantes remotos sobrescribir archivos de su elecci\u00f3n mediante una secuencia .. (punto punto) en el componente final del identificador de sesi\u00f3n PHP (PHPSESSID). NOTA: en algunos casos, este problema puede ser aprovechado para ejecutar una inyecci\u00f3n directa de c\u00f3digo est\u00e1tico."}], "id": "CVE-2006-4432", "lastModified": "2018-10-17T21:37:02.807", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-08-29T00:04:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/21573"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1466"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.hardened-php.net/advisory_052006.128.html"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/28232"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/444263/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3388"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28576"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}