CVE-2006-0819 Information

Description

Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot (2) space (3) slash or (4) NULL characters in the filename extension of an HTTP request.

Reference

http://secunia.com/advisories/18962 http://secunia.com/secunia_research/2006-13/advisory http://securityreason.com/securityalert/576 http://securitytracker.com/id?1015779 http://www.osvdb.org/23836 http://www.securityfocus.com/archive/1/427478/100/0/threaded http://www.securityfocus.com/bid/17123 http://www.vupen.com/english/advisories/2006/0937 https://exchange.xforce.ibmcloud.com/vulnerabilities/25178