JBOSS 3.2.2 up to and including 3.2.7 and 4.0.2 allows remote malicious users to obtain sensitive information via a GET request (1) with a "%." (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jboss jboss 3.2.2 |
||
jboss jboss 3.2.5 |
||
jboss jboss 3.2.6 |
||
jboss jboss 3.2.7 |
||
jboss jboss 4.0.2 |
||
jboss jboss 3.2.3 |
||
jboss jboss 3.2.4 |