CVE-2006-0150

{"id": "CVE-2006-0150", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-01-09T23:03:00.000", "references": [{"url": "http://secunia.com/advisories/18382", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/18405", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/18412", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/18568", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015456", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2006/dsa-952", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.digitalarmaments.com/2006090173928420.html", "tags": ["Vendor Advisory", "URL Repurposed"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2006-0179.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.rudedog.org/auth_ldap/Changes.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/421286/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/16177", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/0117", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:017", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24030", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/18382", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/18405", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/18412", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/18568", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1015456", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2006/dsa-952", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.digitalarmaments.com/2006090173928420.html", "tags": ["Vendor Advisory", "URL Repurposed"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2006-0179.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.rudedog.org/auth_ldap/Changes.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/421286/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/16177", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/0117", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:017", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24030", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-134"}]}], "descriptions": [{"lang": "en", "value": "Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "678DC013-C189-4450-83D7-7CA83978D867"}, {"criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67834D84-DA08-4598-AA6F-7C2AD095AEAF"}, {"criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DDE2D83-0427-406F-95C7-DF4E04191A0E"}, {"criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C38EB5CF-BB53-4639-8B78-48A9115D7B69"}, {"criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93EB949A-CB30-4B43-A767-8BF3B19748D9"}, {"criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B4B7D2F-8078-4602-9858-D17EADD0BCFF"}, {"criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B1FD235-E1F6-4487-B653-7C2B8227A225"}, {"criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21A3A182-E506-4259-AD0F-9F158D8CAEA5"}, {"criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFBA6A46-7FC9-46C7-8213-121D2DE72D13"}, {"criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67F8E9FB-C4DF-4570-B7EE-3A85836F00C8"}, {"criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB747406-CFC4-44AF-9862-6EDCD2D463D9"}, {"criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B4C635C-9D6D-41A2-956F-7C1D293CF048"}, {"criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "662A811A-7352-42A3-8448-9B430DC28E83"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}