Description
JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a "%." (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Marc Schoenefeld · textremotemultiple
https://www.exploit-db.com/exploits/25842
References (12)
Core 12
Core References
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/439
Various Sources vendor-advisory
x_refsource_hp
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00597967
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/0815
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/15746
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/13985
Third Party Advisory mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17559
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18789
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015605
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/440641/100/100/threaded
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0497
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111911095424496&w=2
Scores
EPSS
0.1459
EPSS Percentile
94.5%
Details
Status
published
Products (7)
jboss/jboss
3.2.2
jboss/jboss
3.2.3
jboss/jboss
3.2.4
jboss/jboss
3.2.5
jboss/jboss
3.2.6
jboss/jboss
3.2.7
jboss/jboss
4.0.2
Published
Jun 17, 2005
Tracked Since
Feb 18, 2026