CVE-2006-6071 Information

Description

TWiki 4.0.5 and earlier when running under Apache 1.3 using ApacheLogin with sessions and \ErrorDocument 401\ redirects to a valid wiki topic does not properly handle failed login attempts which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.

Reference

http://secunia.com/advisories/23189 http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-6071 http://www.securityfocus.com/bid/21381 http://www.vupen.com/english/advisories/2006/4790 https://exchange.xforce.ibmcloud.com/vulnerabilities/30667