CVE-2006-4140

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

14/08/2006

Last modified:

03/04/2025

Description

Directory traversal vulnerability in IPCheck Server Monitor before 5.3.3.639/640 allows remote attackers to read arbitrary files via modified .. (dot dot) sequences in the URL, including (1) "..%2f" (encoded "/" slash), "..../" (multiple dot), and "..%255c../" (double-encoded "\" backslash).

Impact

Vector 2.0

AV:N/AC:L/Au:N/C:P/I:N/A:N CVSS v2.0 Severity and Metrics:

Base Score: 5.00 MEDIUM
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): None
Availability (A): None

Base Score 2.0

5.00

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:ipcheck:server_monitor:4.3.1.368:::::::*
cpe:2.3:a:ipcheck:server_monitor:4.3.1.382:::::::*
cpe:2.3:a:ipcheck:server_monitor:4.4.1.521:::::::*
cpe:2.3:a:ipcheck:server_monitor:4.4.1.522:::::::*
cpe:2.3:a:ipcheck:server_monitor:5.0.1.272:::::::*
cpe:2.3:a:ipcheck:server_monitor:5.0.1.299:::::::*
cpe:2.3:a:ipcheck:server_monitor:5.0.1.309:::::::*
cpe:2.3:a:ipcheck:server_monitor:5.0.1.321:::::::*
cpe:2.3:a:ipcheck:server_monitor:5.1.0.341:::::::*
cpe:2.3:a:ipcheck:server_monitor:5.1.0.342:::::::*
cpe:2.3:a:ipcheck:server_monitor:5.1.0.345:::::::*
cpe:2.3:a:ipcheck:server_monitor:5.2.0.404:::::::*
cpe:2.3:a:ipcheck:server_monitor:5.2.0.405:::::::*
cpe:2.3:a:ipcheck:server_monitor:5.2.0.418:::::::*
cpe:2.3:a:ipcheck:server_monitor:5.2.0.420:::::::*

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:a:ipcheck:server_monitor:4.3.1.368:::::::*
cpe:2.3:a:ipcheck:server_monitor:4.3.1.382:::::::*
cpe:2.3:a:ipcheck:server_monitor:4.4.1.521:::::::*
cpe:2.3:a:ipcheck:server_monitor:4.4.1.522:::::::*
cpe:2.3:a:ipcheck:server_monitor:5.0.1.272:::::::*
cpe:2.3:a:ipcheck:server_monitor:5.0.1.299:::::::*
cpe:2.3:a:ipcheck:server_monitor:5.0.1.309:::::::*
cpe:2.3:a:ipcheck:server_monitor:5.0.1.321:::::::*
cpe:2.3:a:ipcheck:server_monitor:5.1.0.341:::::::*
cpe:2.3:a:ipcheck:server_monitor:5.1.0.342:::::::*
cpe:2.3:a:ipcheck:server_monitor:5.1.0.345:::::::*
cpe:2.3:a:ipcheck:server_monitor:5.2.0.404:::::::*
cpe:2.3:a:ipcheck:server_monitor:5.2.0.405:::::::*
cpe:2.3:a:ipcheck:server_monitor:5.2.0.418:::::::*
cpe:2.3:a:ipcheck:server_monitor:5.2.0.420:::::::*

CVE-2006-4140

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools