PT-2006-1866 · Dwarf · Dwarf Http Server

Tan Chew Keong · Published 2006-03-13 · Updated 2018-10-18 · CVE-2006-0819

CVSS v2.0

7.8 High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Dwarf HTTP Server version 1.3.2

Description

The issue allows remote attackers to obtain the source code of JSP files by manipulating the filename extension in an HTTP request with specific characters, including dot, space, slash, or NULL characters.

Recommendations

For Dwarf HTTP Server version 1.3.2, update to a newer version that addresses this issue, as using specific characters in the filename extension of an HTTP request can lead to exposure of JSP source code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
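
Because no fixed version is identified above, one compensating control is to review access logs for the request shape the description names. The following is an added example, not part of the original entry or of Dwarf HTTP Server; it assumes Common Log Format lines and that the dot, space, slash or NULL directly follows the `.jsp` extension, and the sample log lines are constructed.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumption: the dot, space, slash or NULL directly follows ".jsp" in the path.
# Legitimate extra-path requests such as /app.jsp/info will also match.
SUSPECT_EXT = re.compile(rb"\.jsp[. /\x00]", re.IGNORECASE)

# Common Log Format request field: "METHOD target HTTP/x.y"
REQUEST_FIELD = re.compile(r'"(?P<method>[A-Z]+) (?P<target>.+) HTTP/\d\.\d"')


def suspicious_path(target: str) -> bool:
    """True if the percent-decoded path has one of the four characters after .jsp."""
    path = target.split("?", 1)[0]      # ignore the query string
    decoded = unquote_to_bytes(path)    # %00, %20, %2e, %2f become raw bytes
    return SUSPECT_EXT.search(decoded) is not None


def flag_lines(log_lines):
    """Return the log lines whose request target matches the pattern."""
    hits = []
    for line in log_lines:
        m = REQUEST_FIELD.search(line)
        if m and suspicious_path(m.group("target")):
            hits.append(line)
    return hits


# Constructed sample access-log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Mar/2006:10:00:01 +0000] "GET /index.jsp HTTP/1.0" 200 512',
    '192.0.2.11 - - [13/Mar/2006:10:00:02 +0000] "GET /index.jsp. HTTP/1.0" 200 2048',
    '192.0.2.11 - - [13/Mar/2006:10:00:03 +0000] "GET /index.jsp%20 HTTP/1.0" 200 2048',
    '192.0.2.11 - - [13/Mar/2006:10:00:04 +0000] "GET /index.jsp/ HTTP/1.0" 200 2048',
    '192.0.2.11 - - [13/Mar/2006:10:00:05 +0000] "GET /index.jsp%00 HTTP/1.0" 200 2048',
    '192.0.2.12 - - [13/Mar/2006:10:00:06 +0000] "GET /list.jsp?sort=a.b HTTP/1.0" 200 300',
]

if __name__ == "__main__":
    for hit in flag_lines(SAMPLE_LOG):
        print("review:", hit)
```

The same pattern can serve as a deny rule on a reverse proxy placed in front of the server, provided the proxy matches against the percent-decoded path.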

Related Identifiers

CVE-2006-0819

Affected Products

Dwarf Http Server