EUVD-2006-2438

Malware in sbrugna...

Resin viewfile Servlet file Parameter XSS

The remote host is running Resin, an application server. The 'viewfile' Servlet included with the version of Resin installed on the remote host fails to sanitize user input to the 'file' parameter before including it in dynamic HTML output. An attacker may be able to leverage this issue to inject...

CVE-2006-2438

Directory traversal vulnerability in the viewfile servlet in the documentation package resin-doc for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to read arbitrary files under other web roots via the contextpath parameter. NOTE: this issue can produce resultant path disclosure when the...

Directory traversal

Directory traversal vulnerability in the viewfile servlet in the documentation package resin-doc for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to read arbitrary files under other web roots via the contextpath parameter. NOTE: this issue can produce resultant path disclosure when the...

CVE-2006-2437

The viewfile servlet in the documentation package resin-doc for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code for file under the web root via the file parameter...

CVE-2006-2438

CVE-2006-2438 is a directory traversal in Resin’s viewfile servlet (resin-doc) affecting Resin 3.0.17 and 3.0.18. An unauthenticated remote attacker can read arbitrary files under other web roots via the contextpath parameter, with potential path disclosure when the parameter is invalid. The issu...

CVE-2006-2438

Directory traversal vulnerability in the viewfile servlet in the documentation package resin-doc for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to read arbitrary files under other web roots via the contextpath parameter. NOTE: this issue can produce resultant path disclosure when the...