Caucho Resin Remote Directory Traversal Vulnerability

Bugtraq ID:	18005
Class:	Input Validation Error
CVE:	CVE-2006-1953
Remote:	Yes
Local:	No
Published:	May 16 2006 12:00AM
Updated:	Mar 19 2015 09:33AM
Credit:	This issue was reported by the Rapid7 Security Team.
Vulnerable:	Caucho Technology Resin 3.0.18 Caucho Technology Resin 3.0.17
Not Vulnerable:	Caucho Technology Resin 3.0.19 Caucho Technology Resin 3.0.16 Caucho Technology Resin 2.1.12 Caucho Technology Resin 2.1.2 Caucho Technology Resin 2.1.1

Caucho Resin Remote Directory Traversal Vulnerability

Caucho Resin is prone to a remote directory-traversal vulnerability that may allow attackers to gain access to any file on an affected Caucho Resin server.

Attackers may exploit this vulnerability to be able to access potentially sensitive information.

Caucho Resin versions v3.0.17 and v3.0.18 are vulnerable to this issue. Versions prior to v3.0.17 are not vulnerable.

Caucho Resin Remote Directory Traversal Vulnerability

This issue can be exploited through a web client.

Caucho Resin Remote Directory Traversal Vulnerability

Solution:
The vendor has released version 3.0.19 to address this issue. Please see the reference section for more information.


Caucho Technology Resin 3.0.17

• Caucho Technology resin-pro-3.0.19.tar.gz
  http://www.caucho.com/download/resin-pro-3.0.19.tar.gz

Caucho Technology Resin 3.0.18

• Caucho Technology resin-pro-3.0.19.tar.gz
  http://www.caucho.com/download/resin-pro-3.0.19.tar.gz

Caucho Resin Remote Directory Traversal Vulnerability

References:

• Caucho Technology Homepage (Caucho Technology)
  
• Rapid7 Security Advisory R7-0024 (Rapid7)
  
• Caucho Resin Windows Directory Traversal Vulnerability ([email protected])