Vulnerability Description
Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request.
CVSS Score
7.8
HIGH
AV:N/AC:L/Au:N/C:C/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnome | Dwarf Http Server | 1.3.2 |
References
- http://secunia.com/advisories/18962PatchVendor Advisory
- http://secunia.com/secunia_research/2006-13/advisoryPatchVendor Advisory
- http://securityreason.com/securityalert/576
- http://securitytracker.com/id?1015779
- http://www.osvdb.org/23836
- http://www.securityfocus.com/archive/1/427478/100/0/threaded
- http://www.securityfocus.com/bid/17123
- http://www.vupen.com/english/advisories/2006/0937
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25178
- http://secunia.com/advisories/18962PatchVendor Advisory
- http://secunia.com/secunia_research/2006-13/advisoryPatchVendor Advisory
- http://securityreason.com/securityalert/576
- http://securitytracker.com/id?1015779
- http://www.osvdb.org/23836
- http://www.securityfocus.com/archive/1/427478/100/0/threaded
FAQ
What is CVE-2006-0819?
CVE-2006-0819 is a vulnerability with a CVSS score of 7.8 (HIGH). Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request.
How severe is CVE-2006-0819?
CVE-2006-0819 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0819?
Check the references section above for vendor advisories and patch information. Affected products include: Gnome Dwarf Http Server.