Vulners
Lucene search
Resin DOS device path disclosure
🗓️ 03 Nov 2005 00:00:00Reported by This script is Copyright (C) 2002 Michel ArboiType 
openvas🔗 plugins.openvas.org👁 21 Views
| Reporter | Title | Published | Views | Family All 8 |
|---|---|---|---|---|
 | Resin < 2.1s020604 MS-DOS Device Path Disclosure | 18 Aug 200400:00 | – | nessus |
| Resin MS-DOS Device Request Path Disclosure | 17 Jul 200200:00 | – | nessus |
 | CVE-2002-2090 | 5 Aug 200504:00 | – | cve |
 | CVE-2002-2090 | 5 Aug 200504:00 | – | cvelist |
 | EUVD-2002-2069 | 7 Oct 202500:30 | – | euvd |
 | CVE-2002-2090 | 31 Dec 200205:00 | – | nvd |
| Caucho Resin <= 2.1.2 Information Disclosure Vulnerability | 3 Nov 200500:00 | – | openvas |
 | CVE-2002-2090 | 21 May 202520:32 | – | redhatcve |
# OpenVAS Vulnerability Test
# $Id: resin_path_disclosure.nasl 6702 2017-07-12 13:49:41Z cfischer $
# Description: Resin DOS device path disclosure
#
# Authors:
# Michel Arboi <[email protected]>
# Script audit and contributions from Carmichael Security <http://www.carmichaelsecurity.com>
# Erik Anderson <[email protected]>
# Added BugtraqID
#
# Copyright:
# Copyright (C) 2002 Michel Arboi
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
tag_summary = "Resin will reveal the physical path of the webroot
when asked for a special DOS device, e.g. lpt9.xtp
An attacker may use this flaw to gain further knowledge
about the remote filesystem layout.";
tag_solution = "Upgrade to a later software version.";
# Source:
# From:"Peter_Gründl" <[email protected]>
# To:"bugtraq" <[email protected]>
# Subject: KPMG-2002033: Resin DOS device path disclosure
# Date: Wed, 17 Jul 2002 11:33:59 +0200
if(description)
{
script_id(11048);
script_version("$Revision: 6702 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-12 15:49:41 +0200 (Wed, 12 Jul 2017) $");
script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
script_cve_id("CVE-2002-2090");
script_bugtraq_id(5252);
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_name("Resin DOS device path disclosure");
script_category(ACT_MIXED_ATTACK);
script_tag(name:"qod_type", value:"remote_banner");
script_copyright("This script is Copyright (C) 2002 Michel Arboi");
script_family("Web application abuses");
script_dependencies("gb_get_http_banner.nasl", "no404.nasl");
script_mandatory_keys("Resin/banner");
script_require_ports("Services/www", 80);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
exit(0);
}
include("http_func.inc");
port = get_http_port(default:8282);
# Requesting a DOS device may hang some servers
# According to Peter Gründl's advisory:
# Vulnerable:
# Resin 2.1.1 on Windows 2000 Server
# Resin 2.1.2 on Windows 2000 Server
# <[email protected]> added Resin 2.1.0
# Not Vulnerable:
# Resin 2.1.s020711 on Windows 2000 Server
#
# The banner for snapshot 020604 looks like this:
# Server: Resin/2.1.s020604
banner = get_http_banner(port: port);
vulnver=0;
if ( "Resin/" >!< banner ) exit(0);
# I suppose that any 2.1 snapshot is all right.
if (egrep(pattern: "^Server: *Resin/2\.((0\..*)|(1\.[0-2]))",
string: banner, icase: 1) ) vulnver=1;
if (safe_checks())
{
if (vulnver)
{
msg = string(
"OpenVAS solely relied on the version number of your\n",
"*** server, so this may be a false alert.\n");
security_message(port: port, data: msg);
}
exit(0);
}
soc = open_sock_tcp(port);
if(!soc) exit(0);
req = http_get(item:"/aux.xtp", port:port);
send(socket:soc, data:req);
h = http_recv_headers2(socket:soc);
r = http_recv_body(socket:soc, headers:h);
close(soc);
badreq=0; vuln=0;
if(egrep(pattern: "^500 ", string: h)) badreq=1;
if (egrep(pattern: "[CDE]:\\(.*\\)*aux.xtp", string:r)) vuln=1;
if (vuln) {
path = egrep(pattern: "[CDE]:\\(.*\\)*aux.xtp", string:r);
path = ereg_replace(pattern:".*([CDE]:\\.*aux\.xtp).*", string:path, replace:"\1");
msg = "The remote web server reveals the physical path of the
webroot when asked for a special DOS device, e.g. lpt9.xtp
For instance, requesting :
GET /aux.xtp
Returns the following path(s) :
" + path + "
An attacker may use this flaw to gain further knowledge
about the remote filesystem layout.
Solution: Upgrade to a later software version.";
security_message(port:port, data:msg); exit(0);
}
if (vulnver) {
msg = string(
"The version number of your server looks vulnerable\n",
"*** but the attack did not succeed, so this may be a false alert.\n");
security_message(port: port, data: msg);
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
12 Jul 2017 00:00Current
EPSS0.00346