Unrated severityNVD Advisory· Published Jun 17, 2005· Updated Apr 16, 2026
CVE-2005-2006
CVE-2005-2006
Description
JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a "%." (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file.
Affected products
7cpe:2.3:a:jboss:jboss:3.2.2:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:jboss:jboss:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss:3.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss:3.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss:3.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss:3.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:jboss:jboss:4.0.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- secunia.com/advisories/15746nvdVendor Advisory
- archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.htmlnvd
- marc.infonvd
- secunia.com/advisories/17559nvd
- secunia.com/advisories/18789nvd
- securityreason.com/securityalert/439nvd
- securitytracker.com/idnvd
- www.securityfocus.com/archive/1/440641/100/100/threadednvd
- www.securityfocus.com/bid/13985nvd
- www.vupen.com/english/advisories/2005/0815nvd
- www.vupen.com/english/advisories/2006/0497nvd
- www1.itrc.hp.com/service/cki/docDisplay.donvd
News mentions
0No linked articles in our index yet.