Vulnerability Description
Kahua before 0.7, when running multiple applications under a single supervisor, grants application access on the basis of username instead of username and database name, which allows remote authenticated users to obtain unauthorized access if different databases assign the same username to different user accounts.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kahua | Kahua | 0.1 |
References
- http://secunia.com/advisories/22785 (Patch, Vendor Advisory)
- http://www.kahua.org/cgi-bin/kahua.fcgi/kahua-web/show/KSA/KSA2006-001 (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/21074
- http://www.timedia.co.jp/news/2467470581 (Patch, Vendor Advisory)
- http://www.vupen.com/english/advisories/2006/4486
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30206
FAQ
What is CVE-2006-5932?
CVE-2006-5932 is a vulnerability with a CVSS score of 7.5 (HIGH). Kahua before 0.7, when running multiple applications under a single supervisor, grants application access on the basis of username instead of username and database name, which allows remote authentica...
How severe is CVE-2006-5932?
CVE-2006-5932 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-5932?
Check the references section above for vendor advisories and patch information. Affected products include: Kahua Kahua.