CVE-2006-3336 - OpenCVE

TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Twiki	Twiki

Configuration 1 [-]

OR	cpe:2.3:a:twiki:twiki:4.0:::::::*
	cpe:2.3:a:twiki:twiki:4.0.0:::::::*
	cpe:2.3:a:twiki:twiki:4.0.1:::::::*
	cpe:2.3:a:twiki:twiki:4.0.2:::::::*
	cpe:2.3:a:twiki:twiki:4.0.3:::::::*
	cpe:2.3:a:twiki:twiki:2000-12-01:::::::*
	cpe:2.3:a:twiki:twiki:2001-09-01:::::::*
	cpe:2.3:a:twiki:twiki:2001-12-01:::::::*
	cpe:2.3:a:twiki:twiki:2003-02-01:::::::*
	cpe:2.3:a:twiki:twiki:2004-09-01:::::::*
	cpe:2.3:a:twiki:twiki:2004-09-02:::::::*
	cpe:2.3:a:twiki:twiki:2004-09-03:::::::*
	cpe:2.3:a:twiki:twiki:2004-09-04:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/20992
http://securitytracker.com/id?1016458
http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads
http://www.securityfocus.com/bid/18854
http://www.vupen.com/english/advisories/2006/2677

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-07-05T20:00:00

Updated: 2024-08-07T18:23:21.162Z

Reserved: 2006-07-02T00:00:00

Link: CVE-2006-3336

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-07-05T20:05:00.000

Modified: 2011-03-08T02:38:23.173

Link: CVE-2006-3336

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-07-05T00:00:00", "descriptions": [{"lang": "en", "value": "TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as \".php.en\", \".php.1\", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2006-07-13T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-2677", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2677"}, {"name": "20992", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20992"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads"}, {"name": "18854", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18854"}, {"name": "1016458", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016458"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3336", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as \".php.en\", \".php.1\", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-2677", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2677"}, {"name": "20992", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20992"}, {"name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads", "refsource": "CONFIRM", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads"}, {"name": "18854", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18854"}, {"name": "1016458", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016458"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:23:21.162Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2006-2677", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2677"}, {"name": "20992", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20992"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads"}, {"name": "18854", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/18854"}, {"name": "1016458", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016458"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3336", "datePublished": "2006-07-05T20:00:00", "dateReserved": "2006-07-02T00:00:00", "dateUpdated": "2024-08-07T18:23:21.162Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:twiki:twiki:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0E0A8F3-02EE-4A6D-BAAC-1D52DF063197", "vulnerable": true}, {"criteria": "cpe:2.3:a:twiki:twiki:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F893E121-82FA-41C8-9BA4-606E6DA01408", "vulnerable": true}, {"criteria": "cpe:2.3:a:twiki:twiki:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "47807C3A-8430-48E3-A7C8-C5A1FEDF84C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:twiki:twiki:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "620356EA-F106-41DF-AADA-C1EF5A5A0829", "vulnerable": true}, {"criteria": "cpe:2.3:a:twiki:twiki:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "979D8BC8-0032-496F-9503-F3BBBC8FA7CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:twiki:twiki:2000-12-01:*:*:*:*:*:*:*", "matchCriteriaId": "89599BC3-E1D8-4670-9321-F63A788096A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:twiki:twiki:2001-09-01:*:*:*:*:*:*:*", "matchCriteriaId": "354C8BA8-603D-4556-8C4C-39DEE4891719", "vulnerable": true}, {"criteria": "cpe:2.3:a:twiki:twiki:2001-12-01:*:*:*:*:*:*:*", "matchCriteriaId": "23CC3B43-A77A-471E-A0ED-E91E53C2400C", "vulnerable": true}, {"criteria": "cpe:2.3:a:twiki:twiki:2003-02-01:*:*:*:*:*:*:*", "matchCriteriaId": "374ADC0F-0EE2-4DEC-8A37-5F5F15C8137A", "vulnerable": true}, {"criteria": "cpe:2.3:a:twiki:twiki:2004-09-01:*:*:*:*:*:*:*", "matchCriteriaId": "BEC5965A-BFC8-42B3-AF13-28E097381E84", "vulnerable": true}, {"criteria": "cpe:2.3:a:twiki:twiki:2004-09-02:*:*:*:*:*:*:*", "matchCriteriaId": "C94AFFF9-5951-43A9-8018-B10C3F097CE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:twiki:twiki:2004-09-03:*:*:*:*:*:*:*", "matchCriteriaId": "5F823DF7-B38E-4FBF-8D9A-C1B49FC237BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:twiki:twiki:2004-09-04:*:*:*:*:*:*:*", "matchCriteriaId": "FFA8E461-0CAA-4B44-8BCC-21CD8E1A6A41", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as \".php.en\", \".php.1\", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory."}, {"lang": "es", "value": "Vulnerabilidad en TWiki desde la versi\u00f3n del 01-Dic-2000 hasta la versi\u00f3n v4.0.3 que permite a atacantes remotos saltarse el \"upload filter\" (filtro o control de subida) y ejecutar c\u00f3digo de su elecci\u00f3n a traves de nombres de ficheros con dos extensiones como \".php.en\", \".php.1\" y otras extensiones disponibles que no son .txt. NOTA: para que se produzca esta vulnerabilidad el servidor debe permiter la ejecuci\u00f3n de scripts en un directorio p\u00fablico."}], "id": "CVE-2006-3336", "lastModified": "2011-03-08T02:38:23.173", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-07-05T20:05:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/20992"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1016458"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18854"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2677"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}