CVE-2006-0150

Published Jan 9, 2006

Last updated 9 months ago

Overview

Description: Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-134

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "678DC013-C189-4450-83D7-7CA83978D867"
          },
          {
            "criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67834D84-DA08-4598-AA6F-7C2AD095AEAF"
          },
          {
            "criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DDE2D83-0427-406F-95C7-DF4E04191A0E"
          },
          {
            "criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C38EB5CF-BB53-4639-8B78-48A9115D7B69"
          },
          {
            "criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93EB949A-CB30-4B43-A767-8BF3B19748D9"
          },
          {
            "criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B4B7D2F-8078-4602-9858-D17EADD0BCFF"
          },
          {
            "criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B1FD235-E1F6-4487-B653-7C2B8227A225"
          },
          {
            "criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21A3A182-E506-4259-AD0F-9F158D8CAEA5"
          },
          {
            "criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFBA6A46-7FC9-46C7-8213-121D2DE72D13"
          },
          {
            "criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67F8E9FB-C4DF-4570-B7EE-3A85836F00C8"
          },
          {
            "criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB747406-CFC4-44AF-9862-6EDCD2D463D9"
          },
          {
            "criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B4C635C-9D6D-41A2-956F-7C1D293CF048"
          },
          {
            "criteria": "cpe:2.3:a:dave_carrigan:auth_ldap:1.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "662A811A-7352-42A3-8448-9B430DC28E83"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References