CVE-2005-4703

Apache Tomcat 4.0.3 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-4703. PoCs published by security curmudgeon.

AI-analyzed exploit summary This exploit leverages an information-disclosure vulnerability in Apache Tomcat by sending a request containing an MS-DOS device name (e.g., 'lpt9.xtp'). The vulnerability allows attackers to retrieve sensitive data due to improper handling of such requests.

Description

Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.

Exploits (1)

exploitdb WORKING POC VERIFIED
by security curmudgeon · textremotemultiple
https://www.exploit-db.com/exploits/31551

This exploit leverages an information-disclosure vulnerability in Apache Tomcat by sending a request containing an MS-DOS device name (e.g., 'lpt9.xtp'). The vulnerability allows attackers to retrieve sensitive data due to improper handling of such requests.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Apache Tomcat 4.0.3 (Windows)
No auth needed
Prerequisites: Apache Tomcat 4.0.3 running on Windows
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Various Sources x_refsource_confirm
http://tomcat.apache.org/security-4.html
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/20033
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42914
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28484

Scores

EPSS 0.1835
EPSS Percentile 95.4%

Details

Status published
Products (2)
apache/tomcat 4.0.3
org.apache.tomcat/tomcat 0Maven
Published Dec 31, 2005
Tracked Since Feb 18, 2026