CVE-2005-4703 - Unspecified vulnerability in Apache Tomcat 4.0.3
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
apache
exploit available
Summary
Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | Apache Tomcat 4.0.3 Requests Containing MS-DOS Device Names Information Disclosure Vulnerability. CVE-2005-4703. Remote exploits for multiple platform |
id | EDB-ID:31551 |
last seen | 2016-02-03 |
modified | 2005-10-14 |
published | 2005-10-14 |
reporter | security curmudgeon |
source | https://www.exploit-db.com/download/31551/ |
title | Apache Tomcat 4.0.3 - Requests Containing MS-DOS Device Names Information Disclosure Vulnerability |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 28484 CVE ID: CVE-2005-4703 CNCVE ID: CNCVE-20054703 Tomcat is a Servlet container developed by the Jakarta project under the Apache Software Foundation. Apache Tomcat 4.0.3 does not correctly handle requests containing MS-DOS device names, and remote attackers can exploit the vulnerability to obtain sensitive information. When the requested file matches an MS-DOS file name, an error occurs. The server returns sensitive information such as the installation path. Apache Software Foundation Tomcat 4.0.3 Apache Software Foundation apache-tomcat-4.1.37.tar.gz http://mirror.lemonfree.com/apache/tomcat/tomcat-4/v4.1.37/bin/apache-tomcat-4.1.37.tar.gz |
id | SSV:3102 |
last seen | 2017-11-19 |
modified | 2008-03-29 |
published | 2008-03-29 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-3102 |
title | Apache Tomcat Information Disclosure Vulnerability When Handling Requests Containing MS-DOS Device Names |
References
- http://osvdb.org/ref/20/20033-tomcat-dos-path_disclosure.txt
- http://www.osvdb.org/20033
- http://tomcat.apache.org/security-4.html
- http://www.securityfocus.com/bid/28484
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42914
- https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E