CVE-2005-2006

Published: 17/06/2005 Updated: 19/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 506
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

JBoss 3.2.2 up to and including 3.2.7 and 4.0.2 allows remote malicious users to obtain sensitive information via a GET request (1) with a "%." (percent dot), which reveals the installation path, or (2) with a "%" (percent) before a filename, which reveals the contents of the file.

Vulnerable Product

jboss jboss 3.2.2

jboss jboss 3.2.5

jboss jboss 3.2.6

jboss jboss 3.2.7

jboss jboss 4.0.2

jboss jboss 3.2.3

jboss jboss 3.2.4

Exploits

source: www.securityfocus.com/bid/13985/info

JBoss is prone to a remote information-disclosure vulnerability. The issue occurs in the 'org.jboss.web.WebServer' class and is due to a lack of sufficient sanitization of user-supplied request data. Information that attackers can harvest through leveraging this issue may aid in further attacks ...

Github Repositories

clusterd

clusterd is an open source application server attack toolkit. Born out of frustration with current fingerprinting and exploitation methods, clusterd automates the fingerprinting, reconnaissance, and exploitation phases of an application server attack. See the wiki for more information. Requirements: Python >= 2.7.x, Requests >= 2.2.x. Installation: The re
