CVE-2005-4147

Name of the Vulnerable Software and Affected Versions Lyris ListManager versions prior to 8.9b

Description The issue allows remote attackers to obtain source code for arbitrary .tml (TCL) files. This can be achieved by sending a request with a trailing null byte (%00), and in some cases, an authentication bypass step may be required, involving a username with a trailing "@" character.

Recommendations For versions prior to 8.9b, update to version 8.9b or later to resolve the issue. As a temporary workaround, consider restricting access to the TCLHTTPd service to minimize the risk of exploitation. Avoid using usernames with trailing "@" characters in the authentication process until the issue is resolved.