CVE-2005-2006

JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a "%." (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:jboss:jboss:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss:3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss:3.2.6:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss:3.2.7:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss:4.0.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2005-06-17 04:00

Updated : 2024-02-28 10:42


NVD link : CVE-2005-2006

Mitre link : CVE-2005-2006

CVE.ORG link : CVE-2005-2006


JSON object : View

Products Affected

jboss

  • jboss