Vulnerability Details CVE-2006-1386
The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote attackers to read restricted areas and access restricted content in TWiki topics.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 78.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/19410
- http://securitytracker.com/id?1015843
- http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4RdiffPreviewAccess
- http://www.securityfocus.com/bid/17268
- http://www.vupen.com/english/advisories/2006/1116
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25444
- http://secunia.com/advisories/19410
- http://securitytracker.com/id?1015843
- http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4RdiffPreviewAccess
- http://www.securityfocus.com/bid/17268
- http://www.vupen.com/english/advisories/2006/1116
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25444