CVE-2006-0819

Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/secunia_research/2006-13/advisory	Patch Vendor Advisory
http://secunia.com/advisories/18962	Patch Vendor Advisory
http://www.securityfocus.com/bid/17123
http://www.osvdb.org/23836
http://securitytracker.com/id?1015779
http://securityreason.com/securityalert/576
http://www.vupen.com/english/advisories/2006/0937
https://exchange.xforce.ibmcloud.com/vulnerabilities/25178
http://www.securityfocus.com/archive/1/427478/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnome:dwarf_http_server:1.3.2:*:*:*:*:*:*:*

Information

Published : 2006-03-13 11:34

Updated : 2018-10-18 09:29

NVD link : CVE-2006-0819

Mitre link : CVE-2006-0819

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

gnome

dwarf_http_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/secunia_research/2006-13/advisory", "name": "http://secunia.com/secunia_research/2006-13/advisory", "tags": ["Patch", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/18962", "name": "18962", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/17123", "name": "17123", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/23836", "name": "23836", "tags": [], "refsource": "OSVDB"}, {"url": "http://securitytracker.com/id?1015779", "name": "1015779", "tags": [], "refsource": "SECTRACK"}, {"url": "http://securityreason.com/securityalert/576", "name": "576", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/0937", "name": "ADV-2006-0937", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25178", "name": "dwarfhttp-extension-information-disclosure(25178)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/427478/100/0/threaded", "name": "20060313 Secunia Research: Dwarf HTTP Server Source Disclosure andCross-Site Scripting", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-0819", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-03-13T19:34Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gnome:dwarf_http_server:1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:29Z"}