Alkacon OpenCms editor.jsp Arbitrary JSP File Source Disclosure

ID OSVDB:27552
Type osvdb
Reporter Meder Kydyraliev(
Modified 2006-07-21T12:04:08


Technical Description

For the program to display the source, the JSP file must be locked by another user.

Solution Description

Upgrade to version 6.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes



Vendor URL: Secunia Advisory ID:21193 Related OSVDB ID: 27554 Related OSVDB ID: 27559 Related OSVDB ID: 27551 Other Advisory URL: Mail List Post: CVE-2006-3936