Vulnerabilities > CVE-2005-4703 - Unspecified vulnerability in Apache Tomcat 4.0.3

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

apache

exploit available

NVD

Published: 2005-12-31

Updated: 2023-11-07

Summary

Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Tomcat 4.0.3	1

Exploit-Db

description	Apache Tomcat 4.0.3 Requests Containing MS-DOS Device Names Information Disclosure Vulnerability. CVE-2005-4703. Remote exploits for multiple platform
id	EDB-ID:31551
last seen	2016-02-03
modified	2005-10-14
published	2005-10-14
reporter	security curmudgeon
source	https://www.exploit-db.com/download/31551/
title	Apache Tomcat 4.0.3 - Requests Containing MS-DOS Device Names Information Disclosure Vulnerability

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 28484 CVE ID: CVE-2005-4703 CNCVE ID:CNCVE-20054703 Tomcat是一款由Apache软件基金会下属的Jakarta项目开发的一个Servlet容器。 Apache Tomcat 4.0.3不正确处理包含MS-DOS设备名的请求，远程攻击者可以利用漏洞获得敏感信息。当请求的文件匹配MS-DOS文件名时，就会出现错误。服务器会返回包含安装路径等敏感信息。 Apache Software Foundation Tomcat 4.0.3 Apache Software Foundation Tomcat 4.0.3 Apache Software Foundation apache-tomcat-4.1.37.tar.gz <a href=http://mirror.lemonfree.com/apache/tomcat/tomcat-4/v4.1.37/bin/apache- target=_blank>http://mirror.lemonfree.com/apache/tomcat/tomcat-4/v4.1.37/bin/apache-</a> tomcat-4.1.37.tar.gz
id	SSV:3102
last seen	2017-11-19
modified	2008-03-29
published	2008-03-29
reporter	Root
source	https://www.seebug.org/vuldb/ssvid-3102
title	Apache Tomcat处理包含MS-DOS设备名请求信息泄漏漏洞

Summary

Vulnerable Configurations

Exploit-Db

Seebug

References