SecurityTracker.com
SecurityTracker Archives
Category:   Application (Web Server/CGI)  >   Resin
Vendors:   Caucho Technology
Resin Web Servlet and Java Engine Allows Unauthorized Access to Directories and Files Outside of the Web Root Directory
SecurityTracker Alert ID:  1000942
SecurityTracker URL:  http://securitytracker.com/id/1000942
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 16 2001
Impact:   Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): Resin 1.2.2
Description:   A vulnerability has been reported in Resin 1.2.2 that allows a remote user to view server directory listings and files outside of the web root using relative paths (e.g., '..', '...'). Resin is a servlet and JSP engine that works with many popular web servers.

According to the report, Resin does check that the requested path lies within the web root. However, inserting a backslash before any '..' or '...' segment defeats the check, because the check does not treat the backslash as a path separator while the subsequent path resolution does.

The following URL demonstrates this vulnerability:
http://localhost:8080/\../readme.txt

Impact:   The vulnerability allows a remote attacker to view directory listings and files that lie outside of the web root directory.
Solution:   The vendor has released an upgrade, 1.2.3. For more information, see: http://www.caucho.com/download/index.xtp
Vendor URL:  www.caucho.com (Links to External Site)
Cause:   Input validation error
Underlying OS:  UNIX (Any)

Message History:   None.


Source Message Contents

Subject:  Vulnerability in Resin Webserver



Vulnerability in Resin Webserver




    Overview

Resin 1.2.2 is a webserver available from http://www.caucho.com and
http://java.tucows.com.  A vulnerability exists which allows a remote
user to break out of the web root using relative paths (i.e., '..', '...').



    Details

Resin does in fact check that the requested path lies within the webroot,
but by inserting a backslash before any '..' or '...', it is possible
to defeat the check.  The following URL demonstrates this vulnerability:


        http://localhost:8080/\../readme.txt



    Solution

A fixed upgrade, 1.2.3, was released and is available at:


        http://www.caucho.com/download/index.xtp



    Vendor Status

Caucho Technology, Inc. was notified via <resin@caucho.com> and
<ferg@caucho.com> on Sunday, January 28, 2001.  I would like to congratulate
Caucho for being the first cooperative vendor I have ever dealt with.


    - Joe Testa  ( e-mail: joetesta@hushmail.com / AIM: LordSpankatron )


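The advisory description and the report above both describe the same failure class: a containment check that inspects the request path before it has been fully canonicalized, so a segment such as '\..' is not recognized as a parent reference even though the later resolution step treats the backslash as a separator. The following added example (not Resin's code, and not taken from the report) contrasts a weak check of that kind with a hardened one that unifies separators and percent-decoding first and then verifies containment on the resolved path. `WEB_ROOT`, the request strings and the separator-tolerant resolution step inside `weak_resolve` are constructed assumptions used to model the bug class, not Resin's actual resolver.

```python
import os
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed document root for this example (hypothetical path).
WEB_ROOT = "/srv/www/root"


def weak_resolve(request_path: str) -> str:
    """Model of the vulnerable check class.

    The check inspects only '/'-separated segments, so a segment such as
    '\\..' is not recognized as a parent reference and passes.  The
    resolution step that follows is modelled here as separator-tolerant
    (an assumption about the bug class, not Resin's code): it treats the
    backslash as '/' and therefore walks above the web root.
    """
    for seg in request_path.split("/"):
        if seg in ("..", "..."):
            raise PermissionError("path escapes web root")
    tolerant = request_path.replace("\\", "/")
    return posixpath.normpath(WEB_ROOT + "/" + tolerant)


def safe_resolve(root: str, request_path: str) -> Optional[str]:
    """Hardened check: canonicalize first, then decide on the resolved path.

    Returns the resolved filesystem path when it lies inside `root`, or
    None when the request must be rejected.
    """
    decoded = unquote(request_path)          # %2e%2e -> '..', %5c -> '\'
    if "\0" in decoded:                       # embedded NUL truncates paths
        return None
    unified = decoded.replace("\\", "/")      # treat '\' as a separator
    for seg in unified.split("/"):
        # Reject '..', '...', '....': any all-dot segment of two or more
        # characters is a parent reference in some resolvers.
        if len(seg) >= 2 and set(seg) == {"."}:
            return None
    rel = posixpath.normpath("/" + unified).lstrip("/")
    real_root = os.path.realpath(root)
    target = os.path.realpath(os.path.join(real_root, rel))
    # Containment is verified on the resolved path, which also covers
    # symlinks under the root pointing outside it.
    if os.path.commonpath([real_root, target]) != real_root:
        return None
    return target


if __name__ == "__main__":
    # Constructed requests: the advisory's probe, the encoded variant, and
    # a benign one.
    for req in ("/\\../readme.txt", "/%5c../readme.txt", "/docs/readme.txt"):
        try:
            weak = weak_resolve(req)
        except PermissionError as exc:
            weak = f"rejected ({exc})"
        print(f"{req!r:24} weak -> {weak}")
        print(f"{'':24} safe -> {safe_resolve(WEB_ROOT, req)}")
```

The ordering is the whole point: `safe_resolve` never inspects a segment until percent-decoding and separator unification are done, and it treats the resolved path, not the raw request, as the thing that must lie under the root.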


Copyright 2017, SecurityGlobal.net LLC