CVE-2007-2440 - Information Disclosure vulnerability in Caucho Resin
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
Directory traversal vulnerability in Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to read certain files via a .. (dot dot) in a URI containing a "\web-inf" sequence.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Exploit-DB
description | Caucho Resin 3.1 \web-inf Traversal Arbitrary File Access. CVE-2007-2440. Remote exploit for Windows platform |
id | EDB-ID:30038 |
last seen | 2016-02-03 |
modified | 2007-05-15 |
published | 2007-05-15 |
reporter | Derek Abdine |
source | https://www.exploit-db.com/download/30038/ |
title | Caucho Resin 3.1 \web-inf Traversal Arbitrary File Access |
Nessus
NASL family | Web Servers |
NASL id | RESIN_DIR_TRAVERSAL2.NASL |
description | The remote host is running Resin, an application server. The installation of Resin on the remote host allows an unauthenticated, remote attacker to gain access to the web-inf directories, or any known subdirectories, on the affected Windows host, which could lead to a loss of confidentiality. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25241 |
published | 2007-05-16 |
reporter | This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/25241 |
title | Resin for Windows \WEB-INF Traversal Arbitrary File Access |
References
- http://osvdb.org/36058
- http://secunia.com/advisories/25286
- http://www.caucho.com/resin-3.1/changes/changes.xtp
- http://www.rapid7.com/advisories/R7-0029.jsp
- http://www.securityfocus.com/bid/23985
- http://www.securitytracker.com/id?1018061
- http://www.vupen.com/english/advisories/2007/1824
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34296