source: http://www.securityfocus.com/bid/2533/info

A specially constructed HTTP request could enable a remote attacker to gain read access to any known JavaBean file residing on a host running Resin.

On Resin webservers, JavaBean files reside in a protected directory, '/WEB-INF/classes/'. Unfortunately, this protection can be bypassed due to an input validation bug in the Resin webserver. If an attacker inserts the substring '.jsp' before the path of the JavaBean in the request, the webserver will incorrectly interpret the request and serve the contents of the requested JavaBean to the client.

An attacker exploiting this may be able to gain sensitive information contained in the JavaBeans.

http://target/.jsp/WEB-INF/classes/filename
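
For defenders, the request shape described above can be found in web server access logs. The following is an added example, not part of the original advisory or of Resin: it flags any request whose path contains a WEB-INF segment and reports whether the server answered with content. The Common Log Format layout, the sample lines and the 403 status for the direct request are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request and status fields of a Common Log Format line (assumed log layout).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def touches_web_inf(target):
    """True if any path segment of the request target is WEB-INF."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(3):  # undo nested percent-encoding before comparing
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    segments = path.replace("\\", "/").split("/")
    return any(seg.lower() == "web-inf" for seg in segments)


def scan(lines):
    """Return (client, target, status) for every request that names WEB-INF."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and touches_web_inf(m.group("target")):
            client = line.split(" ", 1)[0]
            hits.append((client, m.group("target"), int(m.group("status"))))
    return hits


# Constructed sample log lines (documentation addresses, made-up sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Apr/2001:10:00:00 +0000] "GET /index.jsp HTTP/1.0" 200 1043',
    '198.51.100.7 - - [01/Apr/2001:10:00:05 +0000] "GET /WEB-INF/classes/filename HTTP/1.0" 403 210',
    '198.51.100.7 - - [01/Apr/2001:10:00:09 +0000] "GET /.jsp/WEB-INF/classes/filename HTTP/1.0" 200 2311',
    '192.0.2.11 - - [01/Apr/2001:10:01:00 +0000] "GET /docs/web-inf-guide.html HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for client, target, status in scan(SAMPLE_LOG):
        verdict = "CONTENT SERVED" if 200 <= status < 300 else "refused"
        print(f"{client} {target} -> {status} ({verdict})")
```

A 2xx status on a flagged line means the protected file was returned to the client and its contents should be treated as disclosed.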
Related Exploits
Trying to match CVEs (1): CVE-2001-0399
Trying to match OSVDBs (1): 13868
Other Possible E-DB Search Terms: Caucho Technology Resin 1.2/1.3, Caucho Technology Resin 1.2, Caucho Technology Resin
Date | Title | Author |
---|---|---|
2001-02-16 | Caucho Technology Resin 1.2 - Directory Traversal | joetesta |
2000-11-23 | Caucho Technology Resin 1.2 - JSP Source Disclosure | benjurry |
2004-02-09 | Caucho Technology Resin 2.1.12 - Directory Listings Disclosure | Wang Yun |