Caucho Resin Traversal Arbitrary File Access

2001-02-15T00:00:00
ID OSVDB:544
Type osvdb
Reporter OSVDB
Modified 2001-02-15T00:00:00

Description

Vulnerability Description

Caucho Resin contains a flaw that allows a remote attacker to view arbitrary files outside of the web path. The server does not properly sanitize user input, specifically directory traversal sequences (../../) supplied via the URI.
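
The missing check can be illustrated with a short added example (not Caucho's code and not part of the original advisory): a resolver that maps a URI path onto a document root, first without and then with a containment test. The class name, the document root /srv/resin/doc and the sample URIs other than /../readme.txt are constructed for illustration, and the URI path is assumed to be percent-decoded already.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Optional;

public class DocRootResolver {
    private final Path docRoot;

    public DocRootResolver(String docRoot) {
        // Fix the root once, in absolute and normalized form.
        this.docRoot = Paths.get(docRoot).toAbsolutePath().normalize();
    }

    // Flawed pattern: the URI path is joined to the root and used as is,
    // so "../" segments can climb above the document root.
    Path resolveUnchecked(String uriPath) {
        return docRoot.resolve(stripLeadingSlashes(uriPath));
    }

    // Hardened pattern: collapse "." and ".." first, then require that the
    // result is still located under the document root.
    Optional<Path> resolveChecked(String uriPath) {
        Path candidate = docRoot.resolve(stripLeadingSlashes(uriPath)).normalize();
        // Where symlinks may exist under the root, compare toRealPath() results instead.
        return candidate.startsWith(docRoot) ? Optional.of(candidate) : Optional.empty();
    }

    private static String stripLeadingSlashes(String s) {
        // A leading "/" would make resolve() treat the value as absolute.
        return s.replaceFirst("^/+", "");
    }

    public static void main(String[] args) {
        DocRootResolver r = new DocRootResolver("/srv/resin/doc"); // constructed path
        String[] uris = {"/index.html", "/docs/../index.html",
                         "/../readme.txt", "/docs/../../readme.txt"};
        for (String uri : uris) {
            String unchecked = r.resolveUnchecked(uri).normalize().toString();
            String checked = r.resolveChecked(uri).map(Path::toString).orElse("rejected");
            System.out.printf("%-24s unchecked=%-28s checked=%s%n", uri, unchecked, checked);
        }
    }
}
```

A request that still resolves under the document root after normalization is served; one that resolves outside it is rejected before any file is opened.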

Solution Description

Upgrade to version 1.2.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[victim]:8080/../readme.txt

References:

Vendor URL: http://www.caucho.com/
Nessus Plugin ID: 10656
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-02/0315.html
Keyword: Directory Traversal
ISS X-Force ID: 6118
CVE-2001-0304
Bugtraq ID: 2384