CVE-2006-3936

Sažetak

system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp.

Reference

http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt
http://secunia.com/advisories/21193
http://securityreason.com/securityalert/1302
http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip
http://www.opencms.org/opencms/en/shownews.html?id=1002
http://www.securityfocus.com/archive/1/441182/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/28001

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

17-10-2018 - 21:32

Objavljeno

31-07-2006 - 22:04