Caucho Resin 3.1 - '/web-inf' Traversal Arbitrary File Access

EDB-ID:

30038




Platform:

Windows

Date:

2007-05-15


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

source: https://www.securityfocus.com/bid/23985/info
 
Caucho Resin is prone to multiple information-disclosure vulnerabilities because it fails to adequately sanitize user-supplied data.
 
Attackers can exploit these issues to access potentially sensitive data that may aid in further attacks.
 
Resin 3.1.0 is vulnerable; other versions may also be affected.
 
NOTE: According to the application's 3.1.1 change log, these issues affect the server only when installed on Microsoft Windows. 

http://www.example.com:8080/%20..\web-inf