CVE-2006-6257 - OpenCVE

The file manager in AlternC 0.9.5 and earlier, when warnings are enabled in PHP, allows remote attackers to obtain sensitive information via certain folder names such as ones composed of JavaScript code, which reveal the path in a warning message.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Alternc	Alternc

Configuration 1 [-]

cpe:2.3:a:alternc:alternc:*:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/23144
http://securityreason.com/securityalert/1965
http://www.ground418.org/exploits/read.php?file=06-alternC-095.txt	Exploit Vendor Advisory
http://www.securityfocus.com/archive/1/452988/100/0/threaded
http://www.securityfocus.com/bid/21355	Exploit
http://www.vupen.com/english/advisories/2006/4851

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-12-04T11:00:00

Updated: 2018-10-17T20:57:01

Reserved: 2006-12-03T00:00:00

Link: CVE-2006-6257

JSON object: View

NVD Information

Status : Modified

Published: 2006-12-04T11:28:00.000

Modified: 2018-10-17T21:47:28.440

Link: CVE-2006-6257

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-28T00:00:00", "descriptions": [{"lang": "en", "value": "The file manager in AlternC 0.9.5 and earlier, when warnings are enabled in PHP, allows remote attackers to obtain sensitive information via certain folder names such as ones composed of JavaScript code, which reveal the path in a warning message."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20061128 Multiple Vulnerabilities in AlternC version 0.9.5", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/452988/100/0/threaded"}, {"name": "21355", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21355"}, {"name": "1965", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1965"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ground418.org/exploits/read.php?file=06-alternC-095.txt"}, {"name": "23144", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23144"}, {"name": "ADV-2006-4851", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4851"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6257", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The file manager in AlternC 0.9.5 and earlier, when warnings are enabled in PHP, allows remote attackers to obtain sensitive information via certain folder names such as ones composed of JavaScript code, which reveal the path in a warning message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20061128 Multiple Vulnerabilities in AlternC version 0.9.5", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/452988/100/0/threaded"}, {"name": "21355", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21355"}, {"name": "1965", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1965"}, {"name": "http://www.ground418.org/exploits/read.php?file=06-alternC-095.txt", "refsource": "MISC", "url": "http://www.ground418.org/exploits/read.php?file=06-alternC-095.txt"}, {"name": "23144", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23144"}, {"name": "ADV-2006-4851", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4851"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6257", "datePublished": "2006-12-04T11:00:00", "dateReserved": "2006-12-03T00:00:00", "dateUpdated": "2018-10-17T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:alternc:alternc:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8FAF661-CBCD-4392-88C9-F1A7949A84E8", "versionEndIncluding": "0.9.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The file manager in AlternC 0.9.5 and earlier, when warnings are enabled in PHP, allows remote attackers to obtain sensitive information via certain folder names such as ones composed of JavaScript code, which reveal the path in a warning message."}, {"lang": "es", "value": "El administrador de archivos en AlternC 0.9.5 y anteriores, cuando las advertencias (warnings) est\u00e1n habilitadas en PHP, permite a atacantes remotos obtener informaci\u00f3n sensible mediante determinados nombres de carpeta, tales como unos compuestos de c\u00f3digo JavaScript, lo cual revela la ruta en un mensaje de advertencia."}], "evaluatorSolution": "Successful exploitation requires that warnings are enabled in PHP.", "id": "CVE-2006-6257", "lastModified": "2018-10-17T21:47:28.440", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-04T11:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23144"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1965"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.ground418.org/exploits/read.php?file=06-alternC-095.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/452988/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/21355"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4851"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}