5

CVE-2005-2006

JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a "%." (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JbossJboss Version3.2.2
JbossJboss Version3.2.3
JbossJboss Version3.2.4
JbossJboss Version3.2.5
JbossJboss Version3.2.6
JbossJboss Version3.2.7
JbossJboss Version4.0.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.23% 0.947
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html
http://marc.info/?l=bugtraq&m=111911095424496&w=2
http://secunia.com/advisories/15746
Vendor Advisory
http://secunia.com/advisories/17559
http://secunia.com/advisories/18789
http://securityreason.com/securityalert/439
http://securitytracker.com/id?1015605
http://www.securityfocus.com/archive/1/440641/100/100/threaded
http://www.securityfocus.com/bid/13985
http://www.vupen.com/english/advisories/2005/0815
http://www.vupen.com/english/advisories/2006/0497
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00597967