CVE-2006-2691 - Unspecified "information leakage" vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote at

CVE-2006-2691

Summary

Unspecified "information leakage" vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to access arbitrary images, including dynamically generated images, via unknown vectors. Successful exploitation requires that the full pathname of the file is known. This vulnerability is addressed in the following product release: aMule, aMule, 2.1.2

References

http://secunia.com/advisories/20351
http://securitytracker.com/id?1016188
http://www.amule.org/wiki/index.php/Changelog_2.1.2
http://www.securityfocus.com/bid/18145
https://exchange.xforce.ibmcloud.com/vulnerabilities/26953

Vulnerable Configurations

cpe:2.3:a:amule:amule:*:*:*:*:*:*:*:*
cpe:2.3:a:amule:amule:*:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 20-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	18145
confirm	http://www.amule.org/wiki/index.php/Changelog_2.1.2
sectrack	1016188
secunia	20351
xf	amule-url-information-disclosure(26953)

Last major update

20-07-2017 - 01:31

Published

31-05-2006 - 10:06

Last modified

20-07-2017 - 01:31