CVE-2006-0819
CVSS 7.8
Published: 2006-03-13 14:34:00
Last revised: 2011-03-07 21:30:51

[Original] Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request.


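[CNNVD] Dwarf HTTP Server source code disclosure and cross-site scripting vulnerabilities (CNNVD-200603-242)

        Dwarf HTTP Server is a free, simple and easy-to-use web server.
        Dwarf HTTP Server contains information disclosure and cross-site scripting vulnerabilities, as follows:
        1) Because the user-supplied filename extension in the URL is not properly validated, an attacker can retrieve the source code of JSP files from the server through crafted requests containing commas, spaces, slashes and NULL characters.
        2) URL input is not filtered before an error message is returned to the user, so an attacker can execute arbitrary HTML and script code in the context of the user's browser session.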

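- CVSS (Base Score)

CVSS score: 7.8 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]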

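- CPE (Affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (Technical details for detection)

No related OVAL definitions found

- Official database links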

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0819
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0819
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200603-242
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/archive/1/archive/1/427478/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20060313 Secunia Research: Dwarf HTTP Server Source Disclosure and Cross-Site Scripting
http://secunia.com/secunia_research/2006-13/advisory
(VENDOR_ADVISORY)  MISC  http://secunia.com/secunia_research/2006-13/advisory
http://secunia.com/advisories/18962
(VENDOR_ADVISORY)  SECUNIA  18962
http://www.vupen.com/english/advisories/2006/0937
(UNKNOWN)  VUPEN  ADV-2006-0937
http://xforce.iss.net/xforce/xfdb/25178
(UNKNOWN)  XF  dwarfhttp-extension-information-disclosure(25178)
http://www.securityfocus.com/bid/17123
(UNKNOWN)  BID  17123
http://www.osvdb.org/23836
(UNKNOWN)  OSVDB  23836
http://securitytracker.com/id?1015779
(UNKNOWN)  SECTRACK  1015779
http://securityreason.com/securityalert/576
(UNKNOWN)  SREASON  576

- Vulnerability information

Dwarf HTTP Server source code disclosure and cross-site scripting vulnerabilities
High risk  Input validation
2006-03-13 00:00:00 2006-03-13 00:00:00
Remote

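- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. Download version 1.3.3 from the vendor's home page: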
        http://www.gnome.org

- Vulnerability information

23836
Dwarf HTTP Crafted Request Script Source Disclosure
Remote / Network Access Input Manipulation
Loss of Confidentiality
Vendor Verified

- Vulnerability description

Dwarf HTTP contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when a remote attacker makes a specially crafted request using dot, space, slash and NULL characters which will disclose script source code resulting in a loss of confidentiality.

- Timeline

2006-03-13 2006-02-17
Unknown Unknown

- Solution

Upgrade to version 1.3.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

- Vulnerability information

Dwarf HTTP Server Multiple Input Validation Vulnerabilities
Input Validation Error 17123
Yes No
2006-03-15 12:00:00 2006-03-17 06:15:00
Tan Chew Keong is credited with the discovery of these vulnerabilities.

- Affected program versions

gnome.sk Dwarf HTTP Server 1.3.2
gnome.sk Dwarf HTTP Server 1.3.1
gnome.sk Dwarf HTTP Server 1.3.3

- Unaffected program versions

gnome.sk Dwarf HTTP Server 1.3.3

- Vulnerability discussion


Dwarf HTTP Server is prone to multiple input-validation vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input.

An attacker may conduct cross-site scripting attacks and disclose sensitive information.

Versions 1.3.2 and prior are vulnerable; other versions may also be affected.

- Exploit

These issues can be exploited via a web client.

- Solution

The vendor has released version 1.3.3 to address these issues.

- Related references
