PT-2005-5368 · Microsoft+2 · Windows+2
Publicado
2005-12-31
·
Atualizado
2022-05-01
·
CVE-2005-4703
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Apache Tomcat version 4.0.3
Description
The issue allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name, such as
lpt9, which leaks the pathname in an error message. This can be demonstrated by requesting lpt9.xtp using Nikto. The issue only affects Windows operating systems.Recommendations
For Apache Tomcat version 4.0.3, update to version 4.1.3 or later to resolve the issue.
Exploit
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Apache Tomcat
Nikto
Windows