CVE-2006-3695
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2006-3695
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2006-3695.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2006-3695
- Aliases
- Related
- Published
- 2006-07-21T14:03:00Z
- Modified
- 2025-01-14T06:01:10.352748Z
- Summary
- [none]
- Details
-
Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.
- References
-
- http://secunia.com/advisories/20958
- http://secunia.com/advisories/21534
- http://www.debian.org/security/2006/dsa-1152
- http://www.vupen.com/english/advisories/2006/2729
- http://securitytracker.com/id?1016457
- http://trac.edgewall.org/wiki/ChangeLog
- http://www.securityfocus.com/bid/18323
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27706
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27708
- https://security-tracker.debian.org/tracker/CVE-2006-3695
Affected packages
Debian:13 / trac
Package
- Name
- trac
- Purl
- pkg:deb/debian/trac?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.9.6-1
Affected versions
0.*
0.8-1
0.8.1-1
0.8.1-2
0.8.1-3
0.8.1-3sarge1
0.8.1-3sarge2
0.8.1-3sarge3
0.8.1-3sarge4
0.8.1-3sarge5
0.8.1-3sarge6
0.8.1-3sarge7
0.8.3-1
0.8.4-1
0.8.4-2
0.9-1
0.9-0beta1+r2227-1
0.9-0beta2+r2418-1
0.9.1-1
0.9.1-2
0.9.2-1
0.9.3-1
0.9.4-1
0.9.4-2
0.9.4-3
0.9.4+0.10svn20060321-1
0.9.4+0.10svn20060321-2
0.9.4+0.10svn20060321-3
0.9.5-1
0.9.5-1.1
0.9.5-2