Caucho Resin 3.1 Encoded Space %20 Request Path Disclosure
2007-05-15T00:00:00
ID: EDB-ID:30037 | Type: exploitdb | Reporter: Derek Abdine | Modified: 2007-05-15T00:00:00
Description
Caucho Resin 3.1 Encoded Space (%20) Request Path Disclosure. CVE-2007-2441. Remote exploit for the Windows platform.
source: http://www.securityfocus.com/bid/23985/info
Caucho Resin is prone to multiple information-disclosure vulnerabilities because it fails to adequately sanitize user-supplied data.
Attackers can exploit these issues to access potentially sensitive data that may aid in further attacks.
Resin 3.1.0 is vulnerable; other versions may also be affected.
NOTE: According to the application's 3.1.1 change log, these issues affect the server only when installed on Microsoft Windows.
http://www.example.com:8080/%20
Related bulletins
CVE-2007-2441 (NVD), published 2007-05-16T19:28:00, modified 2017-07-29T01:31:00, CVSS 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2441
Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to obtain the system path via certain URLs associated with (1) deploying web applications or (2) displaying .xtp files.
OSVDB:36057, Caucho Resin on Windows %20 Request Path Disclosure, published 2007-05-14T09:03:48, modified 2007-05-14T09:03:48, CVSS 5.0 (AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/)
https://vulners.com/osvdb/OSVDB:36057
Manual Testing Notes
http://[target]:8080/%20
http://[target]:8080/[webapp]/%20.xtp
References:
Vendor Specific News/Changelog Entry: http://www.caucho.com/resin-3.1/changes/changes.xtp
Security Tracker: 1018061
Secunia Advisory ID: 25286 (https://secuniaresearch.flexerasoftware.com/advisories/25286/)
Related OSVDB ID: 36058 (https://vulners.com/osvdb/OSVDB:36058)
Related OSVDB ID: 36059 (https://vulners.com/osvdb/OSVDB:36059)
Other Advisory URL: http://www.rapid7.com/advisories/R7-0030.jsp
ISS X-Force ID: 34293
FrSIRT Advisory: ADV-2007-1824
CVE-2007-2441 (https://vulners.com/cve/CVE-2007-2441)
Bugtraq ID: 23985