CVE-2006-0819

Properties

Published:
12.03.2006
Updated:
13.03.2006
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:R/AC:L/Au:NR/C:C/I:N/A:N/B:N)
    Product:
    GNOME: Dwarf HTTP Server

    Vulnerability description

    Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request.

    References:

    BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/427478/100/0/threaded
    secunia.com: http://secunia.com/secunia_research/2006-13/advisory
    FRSIRT: http://www.frsirt.com/english/advisories/2006/0937
    SECUNIA: http://secunia.com/advisories/18962
    BID: http://www.securityfocus.com/bid/17123
    OSVDB: http://www.osvdb.org/23836
    SECTRACK: http://securitytracker.com/id?1015779
    XF: http://xforce.iss.net/xforce/xfdb/25178