Vulnerabilities > CVE-2006-0816 - Unspecified vulnerability in Orionserver Orion Application Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL. Update to version 2.0.7 or contact the vendor for a patch.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | CGI abuses |
| NASL id | ORION_SCRIPT_SOURCE_DISCLOSURE.NASL |
| description | The remote host is running Orion Application Server, an application server running on a Java2 platform. According to its banner, the version of Orion installed on the remote Windows host fails to properly validate filename extensions in URLs. A remote attacker may be able to leverage this issue to disclose the source of JSP scripts hosted by the affected application using specially crafted requests with dot and space characters. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 21152 |
| published | 2006-03-27 |
| reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/21152 |
| title | Orion Application Server Crafted Filename Extension JSP Script Source Disclosure |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1455.html
- http://secunia.com/advisories/18950
- http://secunia.com/secunia_research/2006-11/advisory/
- http://securitytracker.com/id?1015823
- http://www.osvdb.org/24053
- http://www.securityfocus.com/archive/1/428601/100/0/threaded
- http://www.securityfocus.com/bid/17204
- http://www.vupen.com/english/advisories/2006/1055
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25405