Vulnerability Details : CVE-2006-1280
CGI::Session 4.03-1 does not set proper permissions on temporary files created in (1) Driver::File and (2) Driver::db_file, which allows local users to obtain privileged information, such as session keys, by viewing the files.
Products affected by CVE-2006-1280
- cpe:2.3:a:sherzod_ruzmetov:cgi_session:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-1280
0.43%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 71 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-1280
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2006-1280
-
http://www.securityfocus.com/bid/17099
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/25283
CGI::Session driver files insecure permissions CVE-2006-1280 Vulnerability Report
-
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356555
#356555 - writes session files insecurely to /tmp; symlink attacks and data exposure - Debian Bug report logsExploit
-
http://www.vupen.com/english/advisories/2006/0946
Site en construction
Jump to