VID | 22444
Severity | 30
Port | 8080, ...
Protocol | TCP
Class | Servlet
Detailed Description |
The Caucho Resin server is vulnerable to a hidden WEB-INF directory traversal attack. Caucho Resin is a servlet and JSP server. Caucho Resin version 3.1.0 and earlier versions could allow a remote attacker to view arbitrary files on the affected host. By sending a specially-crafted URL request containing a URL encoded space character (%20), a remote attacker could traverse the hidden WEB-INF directory and view any file on the affected host.
* References:
  * http://www.caucho.com/resin-3.1/changes/changes.xtp
  * http://www.rapid7.com/advisories/R7-0029.jsp
  * http://www.frsirt.com/english/advisories/2007/1824
  * http://securitytracker.com/alerts/2007/May/1018061.html
  * http://secunia.com/advisories/25286
* Platforms Affected:
  * Caucho Technology, Inc., Resin version 3.1.0 and earlier versions
  * Microsoft Windows Any version
Recommendation |
Upgrade to the latest version of Caucho Resin (3.1.1 or later), available from the Caucho Technology Download Web site at http://caucho.com/products/resin/download |
Related URL | CVE-2007-2440 (CVE)
Related URL | 23985 (SecurityFocus)
Related URL | 34296 (ISS)