CVE-2005-3747

Jetty < 5.1.6 - Unauthenticated Source Code Exposure via URL-Encoded Backslash

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3747.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in Promise WebPAM v2.2.0.13, including SQL injection via 'entSortOrder' and 'entSort' parameters, XSS via 'startTime' and 'endTime', HTTP Response Splitting via 'userID', and Source Code Disclosure via null byte injection. The PoC provides direct URLs to trigger these vulnerabilities.

Description

Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash ("%5C") characters. NOTE: this might be the same issue as CVE-2006-2758.

Exploits (1)

exploitdb WORKING POC
webapps php
https://www.exploit-db.com/exploits/18571

Classification
Working Poc 90%
Attack Type
Sqli | Xss | Info Leak | Other
Complexity
Trivial
Reliability
Reliable
Target: Promise WebPAM v2.2.0.13
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 19, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://www.securityfocus.com/archive/1/450315/100/0/threaded
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2515
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15515
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22669
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17659

Scores

EPSS 0.1941
EPSS Percentile 95.5%

Details

CWE
CWE-200
Status published
Products (41)
mortbay/jetty 1.0
mortbay/jetty 1.0.1
mortbay/jetty 1.1
mortbay/jetty 1.1.1
mortbay/jetty 1.2.0
mortbay/jetty 1.3.0
mortbay/jetty 1.3.1
mortbay/jetty 1.3.2
mortbay/jetty 1.3.3
mortbay/jetty 1.3.4
... and 31 more
Published Nov 22, 2005
Tracked Since Feb 18, 2026