CVE-2006-1953 - Remote Directory Traversal vulnerability in Caucho Technology Resin 3.0.17/3.0.18
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | NONE |
Availability impact | NONE |
Summary
Directory traversal vulnerability in Caucho Resin 3.0.17 and 3.0.18 for Windows allows remote attackers to read arbitrary files via a "C:%5C" (encoded drive letter) in a URL.
This vulnerability is addressed in the following product release:
- Caucho Technology, Resin, 3.0.19
The following product releases are not vulnerable:
- Caucho Technology, Resin, 3.0.16
- Caucho Technology, Resin, 2.1.12
- Caucho Technology, Resin, 2.1.2
- Caucho Technology, Resin, 2.1.1
- Caucho Technology, Resin, 2.0
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Nessus
NASL family | Web Servers |
NASL id | RESIN_DIR_TRAVERSAL.NASL |
description | The remote host is running Resin, an application server. The installation of Resin on the remote host allows an unauthenticated remote attacker to gain access to any file on the affected Windows host, which may lead to a loss of confidentiality. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21606 |
published | 2006-05-27 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21606 |
title | Resin for Windows Encoded URI Traversal Arbitrary File Access |
Packetstorm
data source | https://packetstormsecurity.com/files/download/46471/R7-0024.txt |
id | PACKETSTORM:46471 |
last seen | 2016-12-05 |
published | 2006-05-22 |
reporter | Rapid7 |
source | https://packetstormsecurity.com/files/46471/Rapid7-Security-Advisory-24.html |
title | Rapid7 Security Advisory 24 |
References
- http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0026.html
- http://secunia.com/advisories/20125
- http://securityreason.com/securityalert/904
- http://securitytracker.com/id?1016109
- http://www.osvdb.org/25570
- http://www.rapid7.com/advisories/R7-0024.html
- http://www.securityfocus.com/archive/1/434150/100/0/threaded
- http://www.securityfocus.com/bid/18005
- http://www.vupen.com/english/advisories/2006/1831
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26478