Vulnerability CVE-2006-0819


Published: 2006-03-13   Modified: 2012-02-12

Description:
Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request.

See advisories in our WLB2 database:
Topic: Secunia Research: Dwarf HTTP Server Source Disclosure and Cross-Site Scripting (Med.)
Author: Secunia Research
Date: 14.03.2006

Type: CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:N/A:N)

CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: None
Availability impact: None

Affected software:
Gnome -> Dwarf http server

 References:
http://securityreason.com/securityalert/576
http://securitytracker.com/id?1015779
http://www.securityfocus.com/archive/1/427478/100/0/threaded
http://www.securityfocus.com/bid/17123
http://www.vupen.com/english/advisories/2006/0937
https://exchange.xforce.ibmcloud.com/vulnerabilities/25178

Copyright 2024, cxsecurity.com

 
