CVE-2006-3695
Published 2006-07-21
CVE-2006-3695: Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from…
Priority: P4 · 19 · medium · CVSS 2.0 base score 6.8
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 1.86% (76.6th percentile)
Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | trac | < trac 0.9.6-1 (sid) | trac 0.9.6-1 (sid) |
| edgewall_software | trac | <= 0.9.5 | — |
| edgewall_software | trac | >= 0 < 0.9.6-1 | 0.9.6-1 |
| edgewall_software | trac | >= 0 < 0.9.6 | 0.9.6 |
CVSS provenance

| Source | CVSS score | Severity | Vector |
|---|---|---|---|
| nvd (v2.0) | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| ghsa | 2.1 | LOW | — |
| osv | 2.1 | LOW | — |
| vendor_debian | 2.1 | MEDIUM | — |
GHSA
Trac reStructuredText breach of privacy and denial of service vulnerability
ghsa · 2022-05-01 · CVSS 2.1 · LOW · CWE-200
Description: same text as the NVD description above.

OSV
Trac reStructuredText breach of privacy and denial of service vulnerability
osv · 2022-05-01 · CVSS 2.1 · LOW
Description: same text as the NVD description above.

OSV
CVE-2006-3695: Trac before 0
osv · 2006-07-21 · CVSS 2.1 · LOW
Description: same text as the NVD description above.

Debian
CVE-2006-3695: trac - Trac before 0.9.6 does not disable the "raw" or "include" commands when providin...
vendor_debian · 2006 · CVSS 2.1 · LOW
Description: same text as the NVD description above.
Scope: local
sid: resolved (fixed in 0.9.6-1)
trixie: resolved (fixed in 0.9.6-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
- http://secunia.com/advisories/20958
- http://secunia.com/advisories/21534
- http://securitytracker.com/id?1016457
- http://trac.edgewall.org/wiki/ChangeLog
- http://www.debian.org/security/2006/dsa-1152
- http://www.securityfocus.com/bid/18323
- http://www.vupen.com/english/advisories/2006/2729
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27706
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27708