Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0819

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2006-0819
Last Modified 07 Mar 2011 09:30:51
Published 13 Mar 2006 02:34:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0819

Summary

Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request.

Vulnerable Systems

Application

  • Gnome Dwarf Http Server 1.3.2


References

BUGTRAQ - 20060313 Secunia Research: Dwarf HTTP Server Source Disclosure andCross-Site Scripting

MISC - http://secunia.com/secunia_research/2006-13/advisory

SECUNIA - 18962

VUPEN - ADV-2006-0937

XF - dwarfhttp-extension-information-disclosure(25178)

BID - 17123

OSVDB - 23836

SECTRACK - 1015779

SREASON - 576


Last Updated: 27 May 2016 10:41:48