CVE-2006-3070 - Vulnerability Details - OpenCVE

write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zeroboard	Zeroboard

Configuration 1 [-]

cpe:2.3:a:zeroboard:zeroboard:4.1_pl8:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://marc.info/?l=full-disclosure&m=115044567831726&w=2
http://secunia.com/advisories/20592
http://securecast.wins21.com/zerovul.html
http://www.securityfocus.com/archive/1/437442/30/4320/threaded
http://www.securityfocus.com/bid/18465
http://www.vupen.com/english/advisories/2006/2318
https://exchange.xforce.ibmcloud.com/vulnerabilities/27038

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-06-19T10:00:00

Updated: 2024-08-07T18:16:05.600Z

Reserved: 2006-06-19T00:00:00

Link: CVE-2006-3070

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-06-19T10:02:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-3070

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-16T00:00:00", "descriptions": [{"lang": "en", "value": "write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-2318", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2318"}, {"name": "20060616 Zeroboard File Upload & extension bypass Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/437442/30/4320/threaded"}, {"name": "18465", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18465"}, {"name": "zeroboard-htaccess-file-upload-(27038)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27038"}, {"tags": ["x_refsource_MISC"], "url": "http://securecast.wins21.com/zerovul.html"}, {"name": "20060616 Zeroboard File Upload & extension bypass Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://marc.info/?l=full-disclosure&m=115044567831726&w=2"}, {"name": "20592", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20592"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3070", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-2318", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2318"}, {"name": "20060616 Zeroboard File Upload & extension bypass Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/437442/30/4320/threaded"}, {"name": "18465", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18465"}, {"name": "zeroboard-htaccess-file-upload-(27038)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27038"}, {"name": "http://securecast.wins21.com/zerovul.html", "refsource": "MISC", "url": "http://securecast.wins21.com/zerovul.html"}, {"name": "20060616 Zeroboard File Upload & extension bypass Vulnerability", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure&m=115044567831726&w=2"}, {"name": "20592", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20592"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:16:05.600Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2006-2318", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2318"}, {"name": "20060616 Zeroboard File Upload & extension bypass Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/437442/30/4320/threaded"}, {"name": "18465", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/18465"}, {"name": "zeroboard-htaccess-file-upload-(27038)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27038"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://securecast.wins21.com/zerovul.html"}, {"name": "20060616 Zeroboard File Upload & extension bypass Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://marc.info/?l=full-disclosure&m=115044567831726&w=2"}, {"name": "20592", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20592"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3070", "datePublished": "2006-06-19T10:00:00", "dateReserved": "2006-06-19T00:00:00", "dateUpdated": "2024-08-07T18:16:05.600Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zeroboard:zeroboard:4.1_pl8:*:*:*:*:*:*:*", "matchCriteriaId": "09CF972A-66EF-4605-B637-DF1DCE9B13A9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php."}, {"lang": "es", "value": "write_ok.php en Zeroboard 4,1 pl8, cuando se instala en Apache con mod_mime, permite a atacantes remotos eludir las restricciones para la carga de archivos con extensiones ejecutables mediante la subida de un archivo. htaccess que con una directiva AddType que asigna un m\u00f3dulo ejecutable a los archivos con extensiones assumed-safe, como se demuestra mediante la asignaci\u00f3n de la extensi\u00f3n txt a ser manipulados por application / x-httpd-php."}], "id": "CVE-2006-3070", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-06-19T10:02:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=full-disclosure&m=115044567831726&w=2"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20592"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://securecast.wins21.com/zerovul.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/437442/30/4320/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18465"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2318"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27038"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure&m=115044567831726&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20592"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://securecast.wins21.com/zerovul.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/437442/30/4320/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18465"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2318"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27038"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}