CVE-2006-3934

Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt	Exploit Patch
http://secunia.com/advisories/21193	Exploit Patch Vendor Advisory
http://securityreason.com/securityalert/1302
http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip	Patch
http://www.opencms.org/opencms/en/shownews.html?id=1002	Patch
http://www.securityfocus.com/archive/1/441182/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/28000
http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt	Exploit Patch
http://secunia.com/advisories/21193	Exploit Patch Vendor Advisory
http://securityreason.com/securityalert/1302
http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip	Patch
http://www.opencms.org/opencms/en/shownews.html?id=1002	Patch
http://www.securityfocus.com/archive/1/441182/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/28000

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:alkacon:opencms::::::::
	cpe:2.3:a:alkacon:opencms:6.0.0:::::::*
	cpe:2.3:a:alkacon:opencms:6.0.2:::::::*
	cpe:2.3:a:alkacon:opencms:6.0.3:::::::*
	cpe:2.3:a:alkacon:opencms:6.0.4:::::::*
	cpe:2.3:a:alkacon:opencms:6.2:::::::*

History

No history.

Information

Published : 2006-07-31 22:04

Updated : 2025-04-03 01:03

NVD link : CVE-2006-3934

Mitre link : CVE-2006-3934

CVE.ORG link : CVE-2006-3934

JSON object : View

Products Affected

alkacon

opencms

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2006-3934", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-07-31T22:04:00.000", "references": [{"url": "http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/21193", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1302", "source": "cve@mitre.org"}, {"url": "http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.opencms.org/opencms/en/shownews.html?id=1002", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/441182/100/0/threaded", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28000", "source": "cve@mitre.org"}, {"url": "http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt", "tags": ["Exploit", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/21193", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/1302", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.opencms.org/opencms/en/shownews.html?id=1002", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/441182/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28000", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter."}, {"lang": "es", "value": "Vulnerabilidad de cruce de ruta absoluta en downloadTrigger.jsp en Alkacon OpenCms anterior a 6.2.2 permite a usuarios remotos autenticados bajarse ficheros de su elecci\u00f3n mediante un nombre de ruta absoluto en el par\u00e1metro filePath."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:alkacon:opencms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E346469-F1FE-40C0-AC3E-E61121770398", "versionEndIncluding": "6.2.1"}, {"criteria": "cpe:2.3:a:alkacon:opencms:6.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8369451E-7C00-4CC3-9B80-871559E3F59E"}, {"criteria": "cpe:2.3:a:alkacon:opencms:6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD4F9A11-BF2F-4C12-AE12-480EE547DD8D"}, {"criteria": "cpe:2.3:a:alkacon:opencms:6.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35A4931F-1EA7-48E5-B369-FA013FB87D12"}, {"criteria": "cpe:2.3:a:alkacon:opencms:6.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72D23BDD-8C14-44B4-83C3-26F4F35526A1"}, {"criteria": "cpe:2.3:a:alkacon:opencms:6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16F73D28-272C-4271-BDA1-ACCFA3F8EEDB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nAlkacon, OpenCms, 6.2.2"}