Home > Vulnerability Database > CVE-2006-3695

Mend.io Vulnerability Database

CVE-2006-3695

Date: July 18, 2006

Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.

Severity Score

5.6

Related Resources (12)

Url: http://trac.edgewall.org/wiki/ChangeLog

Url: http://secunia.com/advisories/21534

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2006-3695

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/27708

Url: http://www.vupen.com/english/advisories/2006/2729

Url: http://www.securityfocus.com/bid/18323

Url: http://secunia.com/advisories/20958

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/27706

Url: http://www.debian.org/security/2006/dsa-1152

Url: https://nvd.nist.gov/vuln/detail/CVE-2006-3695

Url: http://securitytracker.com/id?1016457

Url: https://www.mend.io/vulnerability-database/CVE-2006-3695

Severity Score

5.6

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2006-3695

Date: July 18, 2006

Severity Score

Related Resources (12)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?