Apache Tomcat 4.0.3 - Requests Containing MS-DOS Device Names Information Disclosure Vulnerability

2005-10-14T00:00:00
ID EDB-ID:31551
Type exploitdb
Reporter security curmudgeon
Modified 2005-10-14T00:00:00

Description

Apache Tomcat 4.0.3 Requests Containing MS-DOS Device Names Information Disclosure Vulnerability. CVE-2005-4703. Remote exploits for multiple platform

                                        
                                            source: http://www.securityfocus.com/bid/28484/info

Apache Tomcat is prone to an information-disclosure vulnerability when handling requests that contain MS-DOS device names.

Attackers can leverage this issue to obtain potentially sensitive data that could aid in other attacks.

Tomcat 4.0.3 running on Windows is vulnerable; other versions may also be affected.

The following example request is available:

GET /lpt9.xtp