| VID | 22055 |
| Severity | 30 |
| Port | 8080, ... |
| Protocol | TCP |
| Class | Servlet |
| Detailed Description | The Resin server allows a remote attacker to read arbitrary files on the web server by prepending /\../\../ to the file name. Resin is a freely available Web server developed by Caucho Technology. Resin version 1.2.2 is known to be vulnerable. A remote attacker can send a URL request containing "dot dot" sequences (../) preceded by a backslash (\) to traverse directories outside of the Web root. |
| Recommendation | Upgrade to Resin 1.2.3, available from the "Download" page of Caucho Technology's Web site at http://www.caucho.com/download/ |
| Related URL | CVE-2001-0304 (CVE) |
| Related URL | 2384 (SecurityFocus) |
| Related URL | 6118 (ISS) |