| Vulnerability Name: | CVE-2006-1126 (CCN-25120) | ||||||||
| Assigned: | 2006-03-03 | ||||||||
| Published: | 2006-03-03 | ||||||||
| Updated: | 2017-07-20 | ||||||||
| Summary: | Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR. | ||||||||
| CVSS v3 Severity: | 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | File Manipulation | ||||||||
| References: | Source: BUGTRAQ Type: Patch, Vendor Advisory 20060303 Gallery 2 Multiple Vulnerabilities Source: MITRE Type: CNA CVE-2006-1126 Source: CCN Type: Gallery Web site Gallery - Your Photos on Your Website Source: CONFIRM Type: UNKNOWN http://gallery.menalto.com/gallery_2.0.3_released Source: CCN Type: SA19104 Gallery Script Insertion and Session Handling Vulnerabilities Source: SECUNIA Type: Patch, Vendor Advisory 19104 Source: CCN Type: SECTRACK ID: 1015717 Gallery Input Validation Holes Let Remote Users Delete Files and Conduct Cross-Site Scripting Attacks Source: SECTRACK Type: Patch, Vendor Advisory 1015717 Source: CCN Type: GulfTech Research & Development Web site Gallery 2 Multiple Vulnerabilities Source: MISC Type: Patch http://www.gulftech.org/?node=research&article_id=00106-03022006 Source: CCN Type: OSVDB ID: 59499 Gallery GalleryUtilities.class X_FORWARDED_FOR HTTP Header Client IP Address Spoofing Weakness Source: CCN Type: BID-16940 Gallery Album Comments HTML Injection Vulnerability Source: VUPEN Type: UNKNOWN ADV-2006-0813 Source: XF Type: UNKNOWN gallery-header-spoofing(25120) Source: XF Type: UNKNOWN gallery-header-spoofing(25120) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||