PT-2005-5368 · Microsoft+2 · Windows+2
Published
2005-12-31
·
Updated
2022-05-01
·
CVE-2005-4703
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Apache Tomcat version 4.0.3
Description
The issue allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name, such as
lpt9, which leaks the pathname in an error message. This can be demonstrated by requesting lpt9.xtp using Nikto. The issue only affects Windows operating systems.Recommendations
For Apache Tomcat version 4.0.3, update to version 4.1.3 or later to resolve the issue.
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Tomcat
Nikto
Windows