Vulnerability Description
system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alkacon | OpenCms | 6.0.0 |
References
- http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt (Exploit)
- http://secunia.com/advisories/21193 (Patch, Vendor Advisory)
- http://securityreason.com/securityalert/1302
- http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip (Patch)
- http://www.opencms.org/opencms/en/shownews.html?id=1002 (Patch)
- http://www.securityfocus.com/archive/1/441182/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28001
FAQ
What is CVE-2006-3936?
CVE-2006-3936 is a vulnerability with a CVSS score of 4.0 (MEDIUM). system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, a...
How severe is CVE-2006-3936?
CVE-2006-3936 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3936?
Check the references section above for vendor advisories and patch information. Affected products include: Alkacon OpenCms.