CVE-2005-2006

JBOSS 3.2.2-4.0.2 - Info Disclosure

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2006. PoCs published by Marc Schoenefeld.

AI-analyzed exploit summary: The exploit demonstrates an information disclosure vulnerability in JBoss WebServer (3.2.x and 4.0.2) by sending malformed HTTP requests to port 8083, revealing installation paths or downloading configuration files due to insufficient input sanitization.

Description

JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a "%." (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Marc Schoenefeld · text · remote · multiple
https://www.exploit-db.com/exploits/25842

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: JBoss WebServer 3.2.x, 4.0.2
Authentication: No auth needed
Prerequisites: Network access to JBoss WebServer port 8083
devstral-2 · analyzed Feb 18, 2026

References (12)

Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/439
Various Sources vendor-advisory x_refsource_hp
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00597967
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/0815
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/15746
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13985
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17559
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18789
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015605
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/440641/100/100/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0497
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111911095424496&w=2

Scores

EPSS 0.0923
EPSS Percentile 94.7%

Details

Status published
Products (7)
jboss/jboss 3.2.2
jboss/jboss 3.2.3
jboss/jboss 3.2.4
jboss/jboss 3.2.5
jboss/jboss 3.2.6
jboss/jboss 3.2.7
jboss/jboss 4.0.2
Published Jun 17, 2005
Tracked Since Feb 18, 2026