CVE-2006-0707

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2006-0707

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2006-0707.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2006-0707

Withdrawn

2024-06-30T15:56:58.398681Z

Published

2006-02-15T11:06:00Z

Modified

2024-06-04T04:00:19Z

Summary

[none]

Details

PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable.

References

Affected packages

Debian:10 / pyblosxom

Package

Name: pyblosxom
Purl: pkg:deb/debian/pyblosxom?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.2-1

Ecosystem specific

{
    "urgency": "high"
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2006-0707.json"