Resin Security Vulnerabilities and Issues — Resin CVE List

Lucene search

Caucho TechnologyResin

6 matches found

cve•added 2005/05/19 4:0 a.m.•46 views

CVE-2000-1224

Caucho Technology Resin 1.2 and possibly earlier allows remote attackers to view JSP source via an HTTP request to a .jsp file with certain characters appended to the file name, such as (1) "..", (2) "%2e..", (3) "%81", (4) "%82", and others.

5CVSS7.2AI score0.04645EPSS

cve•added 2005/08/05 4:0 a.m.•42 views

CVE-2002-2090

Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp.

5CVSS6.6AI score0.00346EPSS

cve•added 2005/07/14 4:0 a.m.•41 views

CVE-2002-1988

Resin 2.1.1 allows remote attackers to cause a denial of service (memory consumption and hang) via a URL with long variables for non-existent resources.

5CVSS7AI score0.00739EPSS

cve•added 2005/07/14 4:0 a.m.•39 views

CVE-2002-1987

Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 allows remote attackers to read arbitrary files via a ".." (backslash dot dot).

5CVSS7AI score0.00229EPSS

cve•added 2005/07/14 4:0 a.m.•35 views

CVE-2002-1989

Resin 2.1.1 allows remote attackers to cause a denial of service (thread and connection consumption) via multiple URL requests containing the DOS 'CON' device name and a registered file extension such as .jsp or .xtp.

5CVSS7.1AI score0.00655EPSS

cve•added 2005/07/14 4:0 a.m.•33 views

CVE-2002-1990

Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical path information via a URL request for the example Java class file HelloServlet.

5CVSS6.6AI score0.00346EPSS