Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0816

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-0816
Last Modified 07 Mar 2011 09:30:51
Published 24 Mar 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0816

Summary

Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL.

Vulnerable Systems

Application

  • Orion%02 Orion Application Server 2.06

  • Orion%2a Orion Application Server 2.06


References

VUPEN - ADV-2006-1055

MISC - http://secunia.com/secunia_research/2006-11/advisory/

SECUNIA - 18950

XF - orion-jsp-source-disclosure(25405)

BID - 17204

BUGTRAQ - 20060323 Secunia Research: Orion Application Server JSP Source DisclosureVulnerability

OSVDB - 24053

SECTRACK - 1015823

FULLDISC - 20060323 Secunia Research: Orion Application Server JSP Source Disclosure Vulnerability


Last Updated: 27 May 2016 11:02:42