CVE-2005-2006 - Remote Information Disclosure vulnerability in JBoss Malformed HTTP Request
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a "%." (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 7 |
D2sec
name | RedHat JBoss File Disclosure |
url | http://www.d2sec.com/exploits/redhat_jboss_file_disclosure.html |
Nessus
NASL family | CGI abuses |
NASL id | JBOSS_CONFIG_DISCLOSURE.NASL |
description | The remote JBoss server is vulnerable to an information disclosure flaw that could allow an attacker to retrieve the physical path of the server installation, its security policy, or to guess its exact version number. An attacker may use this flaw to gain more information about the remote configuration. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18526 |
published | 2005-06-18 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18526 |
title | JBoss org.jboss.web.WebServer Class Multiple Vulnerabilities (Source Disc, ID) |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html
- http://marc.info/?l=bugtraq&m=111911095424496&w=2
- http://secunia.com/advisories/15746
- http://secunia.com/advisories/17559
- http://secunia.com/advisories/18789
- http://securityreason.com/securityalert/439
- http://securitytracker.com/id?1015605
- http://www.securityfocus.com/archive/1/440641/100/100/threaded
- http://www.securityfocus.com/bid/13985
- http://www.vupen.com/english/advisories/2005/0815
- http://www.vupen.com/english/advisories/2006/0497
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00597967