Source Code Disclosure Vulnerability in Dwarf HTTP Server by Dwarf
CVE-2006-0819

Currently unrated

Key Information:

Vendor: Gnome
Status: Dwarf Http Server
Vendor: CVE Published:; 13 March 2006

What is CVE-2006-0819?

The Dwarf HTTP Server version 1.3.2 has a vulnerability that allows remote attackers to gain unauthorized access to the source code of JSP files by manipulating the filename extension in HTTP requests through the use of certain characters, including dot, space, slash, or NULL. This can lead to potential exposure of sensitive information contained within the JSP files, which may further facilitate attacks on the server or its underlying systems.

References

http://www.vupen.com/english/advisories/2006/0937

vdb-entryx_refsource_VUPEN

http://securitytracker.com/id?1015779

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/17123

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 13, 2006
Vulnerability Reserved
Feb 21, 2006

Gnome

What is CVE-2006-0819?

References

Timeline