| ID |
CVE-2005-2006
|
| Summary |
JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a "%." (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:jboss:jboss:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss:3.2.2:*:*:*:*:*:*:*
-
cpe:2.3:a:jboss:jboss:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss:3.2.3:*:*:*:*:*:*:*
-
cpe:2.3:a:jboss:jboss:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss:3.2.4:*:*:*:*:*:*:*
-
cpe:2.3:a:jboss:jboss:3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss:3.2.5:*:*:*:*:*:*:*
-
cpe:2.3:a:jboss:jboss:3.2.6:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss:3.2.6:*:*:*:*:*:*:*
-
cpe:2.3:a:jboss:jboss:3.2.7:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss:3.2.7:*:*:*:*:*:*:*
-
cpe:2.3:a:jboss:jboss:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:jboss:jboss:4.0.2:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 5.0 (as of 19-10-2018 - 15:32) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
NONE |
NONE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| d2sec
via4
|
|
| refmap
via4
|
| bid | 13985 | | bugtraq | - 20050617 JBOSS 3.2.2-3.2.7 / 4.0.2 installation path disclosure / config disclosure / version fingerprinting
- 20060720 Cisco MARS < 4.2.1 remote compromise
| | fulldisc | 20060720 Cisco MARS < 4.2.1 remote compromise | | hp | | | sectrack | 1015605 | | secunia | | | sreason | 439 | | suse | SUSE-SR:2005:026 | | vupen | - ADV-2005-0815
- ADV-2006-0497
|
|
| Last major update |
19-10-2018 - 15:32 |
| Published |
17-06-2005 - 04:00 |
| Last modified |
19-10-2018 - 15:32 |
