Caucho Resin 3.1 Encoded Space %20 Request Path Disclosure

2007-05-15T00:00:00
ID EDB-ID:30037
Type exploitdb
Reporter Derek Abdine
Modified 2007-05-15T00:00:00

Description

Caucho Resin 3.1 Encoded Space (%20) Request Path Disclosure. CVE-2007-2441. Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/23985/info

Caucho Resin is prone to multiple information-disclosure vulnerabilities because it fails to adequately sanitize user-supplied data.

Attackers can exploit these issues to access potentially sensitive data that may aid in further attacks.

Resin 3.1.0 is vulnerable; other versions may also be affected.

NOTE: According to the application's 3.1.1 change log, these issues affect the server only when installed on Microsoft Windows. 

http://www.example.com:8080/%20