CVE-2006-2692 - Multiple unspecified vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to re

CVE-2006-2692

Summary

Multiple unspecified vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to read arbitrary image, HTML, or PHP files via unknown vectors, probably related to directory traversal. Successful exploitation requires that the full pathname of the file is known. This vulnerability is addressed in the following product release: aMule, aMule, 2.1.2

References

http://secunia.com/advisories/20351
http://securitytracker.com/id?1016188
http://www.amule.org/wiki/index.php/Changelog_2.1.2
http://www.securityfocus.com/bid/18145

Vulnerable Configurations

cpe:2.3:a:amule:amule:*:*:*:*:*:*:*:*
cpe:2.3:a:amule:amule:*:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 05-09-2008 - 21:05)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	18145
confirm	http://www.amule.org/wiki/index.php/Changelog_2.1.2
sectrack	1016188
secunia	20351

Last major update

05-09-2008 - 21:05

Published

31-05-2006 - 10:06

Last modified

05-09-2008 - 21:05