Vulnerabilities > CVE-2006-0819 - Unspecified vulnerability in Gnome Dwarf Http Server 1.3.2
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN gnome
nessus
Summary
Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | CGI abuses |
NASL id | DWARF_HTTP_133.NASL |
description | The remote host is running Dwarf HTTP Server, a full-featured, Java-based web server. According to its banner, the version of Dwarf HTTP Server on the remote host reportedly fails to properly validate filename extensions in URLs. A remote attacker may be able to leverage this issue to disclose the source of scripts hosted by the affected application using specially crafted requests with dot, space, slash, and NULL characters. In addition, the web server also reportedly fails to sanitize requests before returning error pages, which can be exploited to conduct cross-site scripting attacks. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21092 |
published | 2006-03-17 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21092 |
title | Dwarf HTTP Server < 1.3.3 Multiple Remote Vulnerabilities (XSS, Disc) |
code |
|
References
- http://secunia.com/advisories/18962
- http://secunia.com/advisories/18962
- http://secunia.com/secunia_research/2006-13/advisory
- http://secunia.com/secunia_research/2006-13/advisory
- http://securityreason.com/securityalert/576
- http://securityreason.com/securityalert/576
- http://securitytracker.com/id?1015779
- http://securitytracker.com/id?1015779
- http://www.osvdb.org/23836
- http://www.osvdb.org/23836
- http://www.securityfocus.com/archive/1/427478/100/0/threaded
- http://www.securityfocus.com/archive/1/427478/100/0/threaded
- http://www.securityfocus.com/bid/17123
- http://www.securityfocus.com/bid/17123
- http://www.vupen.com/english/advisories/2006/0937
- http://www.vupen.com/english/advisories/2006/0937
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25178
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25178