PT-2006-2597 · Openssl · Openssl

Diddymus

Published

2006-04-03

Updated

2017-07-21

CVE-2006-1599

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: v-creator versions prior to 1.3-pre3

Description: The issue allows remote attackers to execute arbitrary commands, possibly due to problems in the (1) encrypt and (2) decrypt functions, when the VC CRYPTO METHOD option is set to OPENSSL.

Recommendations: For versions prior to 1.3-pre3, update to version 1.3-pre3 or later to resolve the issue. As a temporary workaround, consider disabling the encrypt and decrypt functions until a patch is available. Restrict access to VCEngine.php to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-1599

Affected Products

Openssl

PT-2006-2597 · Openssl · Openssl

CVE-2006-1599

Related Identifiers

Affected Products

References · 8