{"api_version":"1","generated_at":"2026-04-25T19:45:57+00:00","cve":"CVE-2007-2441","urls":{"html":"https://cve.report/CVE-2007-2441","api":"https://cve.report/api/cve/CVE-2007-2441.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-2441","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-2441"},"summary":{"title":"CVE-2007-2441","description":"Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to obtain the system path via certain URLs associated with (1) deploying web applications or (2) displaying .xtp files.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-05-16 19:28:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.rapid7.com/advisories/R7-0030.jsp","name":"http://www.rapid7.com/advisories/R7-0030.jsp","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Rapid7 Security Advisory R7-0030: Caucho Resin Multiple Path Disclosure Vulnerabilities","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/25286","name":"http://secunia.com/advisories/25286","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Caucho Resin Multiple Information Disclosure Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.caucho.com/resin-3.1/changes/changes.xtp","name":"http://www.caucho.com/resin-3.1/changes/changes.xtp","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Resin : Changes : Resin Change Log","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/1824","name":"http://www.vupen.com/english/advisories/2007/1824","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/23985","name":"http://www.securityfocus.com/bid/23985","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Caucho Resin Multiple Information Disclosure Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securitytracker.com/id?1018061","name":"http://www.securitytracker.com/id?1018061","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Resin Bugs Lets Remote Users View Files, Determine the Installation Path, and Deny Service - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/36057","name":"http://osvdb.org/36057","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34293","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34293","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-2441","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-2441","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"2441","vulnerable":"1","versionEndIncluding":"3.1.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"caucho_technology","cpe5":"resin","cpe6":"*","cpe7":"*","cpe8":"professional_windows","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2441","vulnerable":"1","versionEndIncluding":"3.1.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"caucho_technology","cpe5":"resin","cpe6":"*","cpe7":"*","cpe8":"windows","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T13:42:33.453Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"resin-multiple-path-disclosure(34293)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34293"},{"name":"1018061","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1018061"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.rapid7.com/advisories/R7-0030.jsp"},{"name":"25286","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/25286"},{"name":"ADV-2007-1824","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/1824"},{"name":"23985","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/23985"},{"name":"36057","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/36057"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.caucho.com/resin-3.1/changes/changes.xtp"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-05-15T00:00:00.000Z","descriptions":[{"lang":"en","value":"Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to obtain the system path via certain URLs associated with (1) deploying web applications or (2) displaying .xtp files."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-28T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"resin-multiple-path-disclosure(34293)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34293"},{"name":"1018061","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1018061"},{"tags":["x_refsource_MISC"],"url":"http://www.rapid7.com/advisories/R7-0030.jsp"},{"name":"25286","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/25286"},{"name":"ADV-2007-1824","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/1824"},{"name":"23985","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/23985"},{"name":"36057","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/36057"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.caucho.com/resin-3.1/changes/changes.xtp"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-2441","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to obtain the system path via certain URLs associated with (1) deploying web applications or (2) displaying .xtp files."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"resin-multiple-path-disclosure(34293)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34293"},{"name":"1018061","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1018061"},{"name":"http://www.rapid7.com/advisories/R7-0030.jsp","refsource":"MISC","url":"http://www.rapid7.com/advisories/R7-0030.jsp"},{"name":"25286","refsource":"SECUNIA","url":"http://secunia.com/advisories/25286"},{"name":"ADV-2007-1824","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/1824"},{"name":"23985","refsource":"BID","url":"http://www.securityfocus.com/bid/23985"},{"name":"36057","refsource":"OSVDB","url":"http://osvdb.org/36057"},{"name":"http://www.caucho.com/resin-3.1/changes/changes.xtp","refsource":"CONFIRM","url":"http://www.caucho.com/resin-3.1/changes/changes.xtp"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-2441","datePublished":"2007-05-16T19:00:00.000Z","dateReserved":"2007-05-01T00:00:00.000Z","dateUpdated":"2024-08-07T13:42:33.453Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-05-16 19:28:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:caucho_technology:resin:*:*:professional_windows:*:*:*:*:*","versionEndIncluding":"3.1.0","matchCriteriaId":"FBF9DCB9-B220-4C92-B4C5-76AA337261CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:caucho_technology:resin:*:*:windows:*:*:*:*:*","versionEndIncluding":"3.1.0","matchCriteriaId":"A2C9E128-D5A1-4CA1-8C36-D64829458B2A"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"2441","Ordinal":"1","Title":"CVE-2007-2441","CVE":"CVE-2007-2441","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"2441","Ordinal":"1","NoteData":"Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to obtain the system path via certain URLs associated with (1) deploying web applications or (2) displaying .xtp files.","Type":"Description","Title":"CVE-2007-2441"},{"CveYear":"2007","CveId":"2441","Ordinal":"2","NoteData":"2007-05-16","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"2441","Ordinal":"3","NoteData":"2017-07-28","Type":"Other","Title":"Modified"}]}}}