GSA_kwCzR0hTQS1jNXZ3LTM0MmgteDVyeM2Jmw

Moderate EPSS: 0.00404% (0.59796 Percentile) EPSS:

Permalink JSON

Alkacon OpenCms Exposes JSP Source Code

Affected Packages	Affected Versions	Fixed Versions
maven:org.opencms:opencms-core	< 6.2.2	6.2.2
127 Dependent packages 22 Dependent repositories Affected Version Ranges All affected versions All unaffected versions 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.5.0, 8.5.1, 8.5.2, 9.0.0, 9.0.1, 9.5.0, 9.5.1, 9.5.2, 9.5.3, 10.0.0, 10.0.1, 10.5.0, 10.5.1, 10.5.2, 10.5.3, 10.5.4, 11.0.0, 11.0.1, 11.0.2

system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp.

References:

https://nvd.nist.gov/vuln/detail/CVE-2006-3936
https://exchange.xforce.ibmcloud.com/vulnerabilities/28001
http://www.opencms.org/opencms/en/shownews.html?id=1002
https://web.archive.org/web/20061014175017/http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt
https://web.archive.org/web/20201208142708/http://www.securityfocus.com/archive/1/441182/100/0/threaded
https://github.com/advisories/GHSA-c5vw-342h-x5rx

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

GSA_kwCzR0hTQS1jNXZ3LTM0MmgteDVyeM2Jmw

Alkacon OpenCms Exposes JSP Source Code

Affected Version Ranges

All affected versions

All unaffected versions

Identifiers

Risk

Severity

EPSS

Classification

Source

Origin

Date and time

Published

Updated

API