| VID | 22414 |
| Severity | 30 |
| Port | 8080, ... |
| Protocol | TCP |
| Class | Servlet |
| Detailed Description | The Caucho Resin server is vulnerable to directory traversal via a URL-encoded backslash (%5C). Caucho Resin is a servlet and JSP server. Caucho Resin versions 3.0.17 and 3.0.18 for Microsoft Windows platforms could allow a remote attacker to traverse directories on the default Web server running on port 8080. By sending a specially crafted URL request containing a URL-encoded backslash (%5C), a remote attacker could traverse directories and read arbitrary files on the affected host. References: http://www.caucho.com/download/changes.xtp ; http://www.securityfocus.com/archive/1/434150/30/0/threaded ; http://www.rapid7.com/advisories/R7-0024.html ; http://secunia.com/advisories/20125/ . Platforms Affected: Caucho Technology, Inc., Resin 3.0.17; Caucho Technology, Inc., Resin 3.0.18; Microsoft Windows (any version) |
| Recommendation | Upgrade to the latest version of Caucho Resin (3.0.19 or later), available from the Caucho Technology Download Web site at http://caucho.com/products/resin/download |
| Related URL | CVE-2006-1953 (CVE) |
| Related URL | 18005 (SecurityFocus) |
| Related URL | 26478 (ISS) |
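
A log-review check for the request pattern described above, as an added example that is not part of the original advisory or of any vendor tooling: it flags access-log requests whose path carries a percent-encoded backslash, and goes beyond the single %5C case by also unwrapping nested encodings such as %255C. The common-log line format, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a common/combined-format access log line: "METHOD target PROTO"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"')
# %5C in any letter case, optionally wrapped in further %25 layers (%255C, ...)
ENCODED_BACKSLASH = re.compile(r"%(?:25)*5c", re.IGNORECASE)
MAX_DECODE_ROUNDS = 3  # assumption: enough rounds to unwrap nested encodings

# Constructed sample lines (documentation addresses, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/May/2006:10:01:07 +0000] "GET /index.jsp HTTP/1.1" 200 5120',
    '192.0.2.44 - - [12/May/2006:10:01:09 +0000] "GET /static%5C..%5C..%5Csecret.txt HTTP/1.1" 200 312',
    '192.0.2.44 - - [12/May/2006:10:01:12 +0000] "GET /static%255c..%255csecret.txt HTTP/1.1" 404 0',
    '192.0.2.17 - - [12/May/2006:10:02:30 +0000] "GET /files/a%5Cb.txt HTTP/1.1" 404 0',
    '192.0.2.17 - - [12/May/2006:10:02:31 +0000] "GET /search?q=%5C HTTP/1.1" 200 88',
]


def decode_path(path):
    """Percent-decode a request path repeatedly until it stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def classify(target):
    """Return 'traversal', 'encoded-backslash' or None for one request target."""
    raw_path = target.split("?", 1)[0]  # the query string is not a file path
    if not ENCODED_BACKSLASH.search(raw_path):
        return None
    # Treat the decoded backslash as a separator, as a Windows host would.
    segments = decode_path(raw_path).replace("\\", "/").split("/")
    return "traversal" if ".." in segments else "encoded-backslash"


def scan(lines):
    """Return (line_number, verdict, target) for every flagged request."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        verdict = classify(match.group("target")) if match else None
        if verdict:
            findings.append((number, verdict, match.group("target")))
    return findings
```

A `traversal` verdict with a 200 response is the case to triage first; `encoded-backslash` alone is unusual for a URL path but not proof of a traversal attempt.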