Home > Vulnerability Database > CVE-2006-3695

Mend.io Vulnerability Database

CVE-2006-3695

Date: July 18, 2006

Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.

Severity Score

9.4

Related Resources (16)

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/27708

Url: http://www.securityfocus.com/bid/18323

Url: http://secunia.com/advisories/20958

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/27706

Url: https://nvd.nist.gov/vuln/detail/CVE-2006-3695

Url: http://securitytracker.com/id?1016457

Url: http://trac.edgewall.org/wiki/ChangeLog

Url: https://web.archive.org/web/20140804165436/http://secunia.com/advisories/21534

Url: http://secunia.com/advisories/21534

Url: http://www.vupen.com/english/advisories/2006/2729

Url: https://web.archive.org/web/20061227230548/http://trac.edgewall.org/wiki/ChangeLog

Url: https://github.com/pypa/advisory-database/tree/main/vulns/trac/PYSEC-2006-2.yaml

Url: http://www.debian.org/security/2006/dsa-1152

Url: https://web.archive.org/web/20200228034827/http://www.securityfocus.com/bid/18323

Url: https://web.archive.org/web/20140806223337/http://secunia.com/advisories/20958

Url: https://www.mend.io/vulnerability-database/CVE-2006-3695

Severity Score

9.4

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

CVSS v3.1

Base Score:	9.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	HIGH

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2006-3695

Date: July 18, 2006

Severity Score

Related Resources (16)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?