Resin Bugs Lets Remote Users View Files, Determine the Installation Path, and Deny Service - SecurityTracker

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Category: Application (Web Server/CGI) > Resin

Vendors: Caucho Technology

Resin Bugs Lets Remote Users View Files, Determine the Installation Path, and Deny Service

SecurityTracker Alert ID: 1018061

SecurityTracker URL: http://securitytracker.com/id/1018061

CVE Reference: CVE-2007-2439, CVE-2007-2440, CVE-2007-2441 (Links to External Site)

Date: May 15 2007

Impact: Denial of service via network, Disclosure of system information, Disclosure of user information

Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes

Version(s): 3.1.0 and prior versions

Description: Several vulnerabilities were reported in Resin. A remote user can cause denial of service conditions. A remote user can determine the installation path. A remote user can view certain files on the target system.

A remote user can send a specially crafted request for a DOS device name (e.g., COM, LPT) to read from the device and cause the device to become unavailable [CVE-2007-2439].

A demonstration exploit URL is provided:

http://[target]:8080/[path]/[device].foo

A remote user can supply a specially crafted URL to view files in the WEB-INF directory and its subdirectories [CVE-2007-2440].

A demonstration exploit URL is provided:

http://[target]:8080/%20..\web-inf

A remote user can submit the following type of requests to determine the installation path [CVE-2007-2440]:

http://[target]:8080/%20

http://[target]:8080/[webapp]/%20.xtp

The vendor was notified on May 3, 2007.

Derek Abdine of Rapid7 discovered these vulnerabilities.

The original advisories are available at:

http://www.rapid7.com/advisories/R7-0028.jsp
http://www.rapid7.com/advisories/R7-0029.jsp
http://www.rapid7.com/advisories/R7-0030.jsp

Impact: A remote user can cause denial of service conditions.

A remote user can determine the installation path.

A remote user can view certain files on the target system.

Solution: The vendor has issued a fixed version (3.1.1).

Vendor URL: www.caucho.com/ (Links to External Site)

Cause: Access control error, Input validation error

Underlying OS: Windows (Any)

Message History: None.

Source Message Contents


[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
This web site uses cookies for web analytics. Learn More
Copyright 2020, SecurityGlobal.net LLC