CVE-2005-2006

2005-06-1704:00:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

0.039

Percentile

92.0%

JSON

JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a “%.” (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file.

Affected configurations

Nvd

Node

jbossjbossMatch3.2.2

jbossjbossMatch3.2.3

jbossjbossMatch3.2.4

jbossjbossMatch3.2.5

jbossjbossMatch3.2.6

jbossjbossMatch3.2.7

jbossjbossMatch4.0.2

VendorProductVersionCPE
jbossjboss3.2.2cpe:2.3:a:jboss:jboss:3.2.2:*:*:*:*:*:*:*
jbossjboss3.2.3cpe:2.3:a:jboss:jboss:3.2.3:*:*:*:*:*:*:*
jbossjboss3.2.4cpe:2.3:a:jboss:jboss:3.2.4:*:*:*:*:*:*:*
jbossjboss3.2.5cpe:2.3:a:jboss:jboss:3.2.5:*:*:*:*:*:*:*
jbossjboss3.2.6cpe:2.3:a:jboss:jboss:3.2.6:*:*:*:*:*:*:*
jbossjboss3.2.7cpe:2.3:a:jboss:jboss:3.2.7:*:*:*:*:*:*:*
jbossjboss4.0.2cpe:2.3:a:jboss:jboss:4.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jboss	jboss	3.2.2	cpe:2.3:a:jboss:jboss:3.2.2:::::::*
jboss	jboss	3.2.3	cpe:2.3:a:jboss:jboss:3.2.3:::::::*
jboss	jboss	3.2.4	cpe:2.3:a:jboss:jboss:3.2.4:::::::*
jboss	jboss	3.2.5	cpe:2.3:a:jboss:jboss:3.2.5:::::::*
jboss	jboss	3.2.6	cpe:2.3:a:jboss:jboss:3.2.6:::::::*
jboss	jboss	3.2.7	cpe:2.3:a:jboss:jboss:3.2.7:::::::*
jboss	jboss	4.0.2	cpe:2.3:a:jboss:jboss:4.0.2:::::::*