ID |
CVE-2006-4110
|
Summary |
Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:apache:http_server:2.0.58:*:win32:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.58:*:win32:*:*:*:*:*
-
cpe:2.3:a:apache:http_server:2.2.2:*:windows:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.2:*:windows:*:*:*:*:*
-
cpe:2.3:a:apache:http_server:2.2.3:*:windows:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.3:*:windows:*:*:*:*:*
|
CVSS |
Base: | 4.3 (as of 17-10-2018 - 21:33) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
MEDIUM |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
NONE |
NONE |
|
cvss-vector
via4
|
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
refmap
via4
|
bid | 19447 | bugtraq | - 20060809 CGI Script Source Code Disclosure Vulnerability in Apache for Windows
- 20060817 Re: Re: CGI Script Source Code Disclosure Vulnerability in Apache for Windows
| osvdb | 27913 | secunia | 21490 | sreason | 1370 | vupen | ADV-2006-3265 | xf | apache-modalias-information-disclosure(28357) |
|
Last major update |
17-10-2018 - 21:33 |
Published |
14-08-2006 - 20:04 |
Last modified |
17-10-2018 - 21:33 |