CVE-2006-6017 - OpenCVE

WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wordpress	Wordpress

Configuration 1 [-]

cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://bugs.gentoo.org/show_bug.cgi?id=153303
http://trac.wordpress.org/ticket/2591
http://www.gentoo.org/security/en/glsa/glsa-200611-10.xml

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-11-21T23:00:00Z

Updated: 2024-09-17T00:57:05.147Z

Reserved: 2006-11-21T00:00:00Z

Link: CVE-2006-6017

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2006-11-21T23:07:00.000

Modified: 2008-09-05T21:13:40.570

Link: CVE-2006-6017

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2006-11-21T23:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-200611-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200611-10.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://trac.wordpress.org/ticket/2591"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=153303"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6017", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-200611-10", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200611-10.xml"}, {"name": "http://trac.wordpress.org/ticket/2591", "refsource": "CONFIRM", "url": "http://trac.wordpress.org/ticket/2591"}, {"name": "http://bugs.gentoo.org/show_bug.cgi?id=153303", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=153303"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:12:31.445Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-200611-10", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200611-10.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://trac.wordpress.org/ticket/2591"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=153303"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6017", "datePublished": "2006-11-21T23:00:00Z", "dateReserved": "2006-11-21T00:00:00Z", "dateUpdated": "2024-09-17T00:57:05.147Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "A45515B8-1315-44D2-A6DD-4597E722EF43", "versionEndIncluding": "2.0.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display."}, {"lang": "es", "value": "WordPress anterior a 2.0.5 no almacena adecuadamente un perfil que contiene una representaci\u00f3n de un objeto serializado en una cadena, lo cual permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) mediante una cadena que representa un objeto serializado (1) mal formado o (2) grande, debido a que el objeto dispara una deserializaci\u00f3n autom\u00e1tica para mostrarse."}], "id": "CVE-2006-6017", "lastModified": "2008-09-05T21:13:40.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-11-21T23:07:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=153303"}, {"source": "cve@mitre.org", "url": "http://trac.wordpress.org/ticket/2591"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200611-10.xml"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}