PT-2006-1866 · Dwarf · Dwarf Http Server

Tan Chew Keong

Publicado

2006-03-13

Atualizado

2018-10-18

CVE-2006-0819

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Dwarf HTTP Server version 1.3.2

Description The issue allows remote attackers to obtain the source code of JSP files by manipulating the filename extension in an HTTP request with specific characters, including dot, space, slash, or NULL characters.

Recommendations For Dwarf HTTP Server version 1.3.2, update to a newer version that addresses this issue, as using specific characters in the filename extension of an HTTP request can lead to exposure of JSP source code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-0819

Produtos afetados

Dwarf Http Server

PT-2006-1866 · Dwarf · Dwarf Http Server

CVE-2006-0819

Identificadores relacionados

Produtos afetados

Referências · 10