>> Caucho Resin Server Directory Traversal and Information Disclosure Vulnerabilities
Title : Caucho Resin Server Directory Traversal and Information Disclosure Vulnerabilities VUPEN ID : VUPEN/ADV-2006-1831 CVE ID : CVE-2006-1953 - CVE-2006-2437 - CVE-2006-2438
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2006-05-16
Technical Description
Multiple vulnerabilities have been identified in Caucho Resin Server, which may be exploited by remote attackers to access arbitrary files outside of the web root directory or gain knowledge of sensitive information.
The first flaw is due to an input validation error when processing specially crafted HTTP requests containing the "%5C" sequence, which could be exploited by remote attackers to access and read the contents of arbitrary files on a vulnerable system.
The second issue is due to an input validation error in the "resin-doc/viewfile/" script that does not validate the "file" parameter, which could be exploited by attackers to determine the installation path or disclose the contents of arbitrary files.
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
