PT-2005-2952 · Red Hat · Jboss

Matthew Cook

Published 2005-06-17 · Updated 2018-10-19 · CVE-2005-2006

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: JBoss versions 3.2.2 through 3.2.7; JBoss version 4.0.2

Description: The issue allows remote attackers to obtain sensitive information via a GET request. This can be achieved in two ways: (1) a "%." (percent dot) in the request reveals the installation path, or (2) a "%" (percent) before a filename reveals the contents of that file.

Recommendations: For JBoss versions 3.2.2 through 3.2.7, restrict access to sensitive files and directories to minimize the risk of information disclosure. For JBoss version 4.0.2, avoid using the "%" character in filenames and directory paths until a fix is available. As a temporary workaround, disable the handling of "%" characters in GET requests until a patch is available.
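The two request patterns the description names are easy to pick out of a web-server access log. The following is an added detection example, not part of this advisory or of JBoss: it scans constructed common-log-format lines and flags GET paths containing "%." or a bare "%" that is not a well-formed %XX escape.

```python
import re

# Well-formed percent-encoding is "%" followed by exactly two hex digits.
VALID_PCT = re.compile(r"%[0-9A-Fa-f]{2}")

# Extract method and path from a common-log-format request field.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')

# Constructed sample log lines for demonstration only (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [17/Jun/2005:10:01:02 +0000] "GET /jmx-console/index.jsp HTTP/1.1" 200 1532
10.0.0.7 - - [17/Jun/2005:10:01:09 +0000] "GET /%. HTTP/1.1" 404 220
10.0.0.7 - - [17/Jun/2005:10:01:15 +0000] "GET /%index.html HTTP/1.1" 200 4096
10.0.0.9 - - [17/Jun/2005:10:02:00 +0000] "GET /images/logo%20small.png HTTP/1.1" 200 9120
"""


def flag_path(path: str):
    """Return a reason string if the path matches one of the two advisory
    patterns, otherwise None."""
    if "%." in path:
        return "percent-dot in path (installation path disclosure)"
    # Remove every well-formed %XX escape; any "%" left behind is a bare
    # percent, the pattern the advisory describes as prefixing a filename.
    stripped = VALID_PCT.sub("", path)
    if "%" in stripped:
        return "bare percent before filename (file content disclosure)"
    return None


def scan_log(text: str):
    """Return (line_number, client_ip, path, reason) for each flagged GET."""
    hits = []
    for n, line in enumerate(text.splitlines(), start=1):
        m = REQUEST_RE.search(line)
        if not m or m.group("method") != "GET":
            continue
        reason = flag_path(m.group("path"))
        if reason:
            hits.append((n, line.split(" ", 1)[0], m.group("path"), reason))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Malformed percent-encoding also shows up in buggy but benign clients, so treat the bare-percent rule as a triage signal and confirm against the response size and status before escalating.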

Exploit

Fix


Related identifiers

CVE-2005-2006

Affected products

Jboss