Apache Tomcat 4.0.3 - Requests Containing MS-DOS Device Names Information Disclosure
| EKU-ID: 36516 | CVE: CVE-2005-4703;OSVDB-20033 | OSVDB-ID: |
| Author: security curmudgeon | Published: 2005-10-14 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 36516 | CVE: CVE-2005-4703;OSVDB-20033 | OSVDB-ID: |
| Author: security curmudgeon | Published: 2005-10-14 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/28484/info Apache Tomcat is prone to an information-disclosure vulnerability when handling requests that contain MS-DOS device names. Attackers can leverage this issue to obtain potentially sensitive data that could aid in other attacks. Tomcat 4.0.3 running on Windows is vulnerable; other versions may also be affected. The following example request is available: GET /lpt9.xtp