CVE-2006-0707

Name of the Vulnerable Software and Affected Versions PyBlosxom versions prior to 1.3.2

Description The issue allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH INFO variable. This occurs when PyBlosxom is running on certain webservers.

Recommendations For versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the PATH INFO variable to minimize the risk of exploitation.