High severity7.5NVD Advisory· Published Dec 21, 2006· Updated Jun 16, 2026
CVE-2006-6679
CVE-2006-6679
Description
Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:chetcpasswd_project:chetcpasswd:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:chetcpasswd_project:chetcpasswd:*:*:*:*:*:*:*:*range: <2.4
- (no CPE)range: <2.4
Patches
Vulnerability mechanics
References
7- bugs.debian.org/cgi-bin/bugreport.cginvdMailing ListThird Party Advisory
- marc.infonvdMailing ListThird Party Advisory
- secunia.com/advisories/22967nvdBroken LinkPermissions RequiredThird Party Advisory
- www.securityfocus.com/bid/21102nvdBroken LinkThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/30451nvdThird Party AdvisoryVDB Entry
- sourceforge.net/project/shownotes.phpnvdProduct
- www.osvdb.org/30544nvdBroken Link
News mentions
0No linked articles in our index yet.