CVE Vulnerabilities

CVE-2005-2006

Published: Jun 17, 2005 | Modified: Oct 19, 2018
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 5 MEDIUM (AV:N/AC:L/Au:N/C:P/I:N/A:N)

JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a %. (percent dot), which reveals the installation path, or (2) with a % (percent) before a filename, which reveals the contents of the file.

Affected Software

Name  | Vendor | Start Version     | End Version
Jboss | Jboss  | 3.2.2 (including) | 3.2.2 (including)
Jboss | Jboss  | 3.2.3 (including) | 3.2.3 (including)
Jboss | Jboss  | 3.2.4 (including) | 3.2.4 (including)
Jboss | Jboss  | 3.2.5 (including) | 3.2.5 (including)
Jboss | Jboss  | 3.2.6 (including) | 3.2.6 (including)
Jboss | Jboss  | 3.2.7 (including) | 3.2.7 (including)
Jboss | Jboss  | 4.0.2 (including) | 4.0.2 (including)
