CVE-2005-3747: Exposure of Sensitive Information to an Unauthorized Actor

May 1, 2022 (updated September 18, 2023)

Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash ("%5C") characters. NOTE: this might be the same issue as CVE-2006-2758.

References

sourceforge.net/project/shownotes.php?release_id=372086&group_id=7322
www.securityfocus.com/archive/1/450315/100/0/threaded
www.securityfocus.com/bid/15515
github.com/advisories/GHSA-cwq3-qp8v-w8q3
nvd.nist.gov/vuln/detail/CVE-2005-3747

Code Behaviors & Features

Detect and mitigate CVE-2005-3747 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →