CVE-2006-0707 Information

Description

PyBlosxom before 1.3.2 when running on certain webservers allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters which is accessed using the PATH_INFO variable.

Reference

http://secunia.com/advisories/18858 http://sourceforge.net/project/shownotes.php?release_id=391800 http://www.securityfocus.com/bid/16641 http://www.vupen.com/english/advisories/2006/0571 https://exchange.xforce.ibmcloud.com/vulnerabilities/24730