The TCLHTTPd service in Lyris ListManager before 8.9b allows remote attackers to obtain source code for arbitrary .tml (TCL) files via (1) a request with a trailing null byte (%00), which might also require (2) an authentication bypass step that involves a username with a trailing "@" characters.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2005-12-10T11:00:00
Updated: 2024-08-07T23:38:50.747Z
Reserved: 2005-12-10T00:00:00
Link: CVE-2005-4147
Vulnrichment
No data.
NVD
Status : Modified
Published: 2005-12-10T11:03:00.000
Modified: 2018-10-19T15:40:26.363
Link: CVE-2005-4147
Redhat
No data.