Description

Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.

Remediation

References

CVE-2005-4703

Related Vulnerabilities

Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2019-10081)

Django Resource Management Errors Vulnerability (CVE-2015-5963)

WordPress Plugin TwitterCart Security Bypass (2.0)

WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Multiple Cross-Site Scripting Vulnerabilities (1.16.8)

WordPress Plugin Welcart e-Commerce Multiple SQL Injection Vulnerabilities (1.5.2)

Severity

Medium

Classification

CVE-2005-4703

Tags

Missing Update Known Vulnerabilities