Caucho Technology Resin Source Code Disclosure Vulnerability
BID:9614
Info
Caucho Technology Resin Source Code Disclosure Vulnerability
| Bugtraq ID: | 9614 |
| Class: | Input Validation Error |
| CVE: |
CVE-2004-0280 CVE-2004-0280 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 09 2004 12:00AM |
| Updated: | Mar 19 2015 08:22AM |
| Credit: | The disclosure of this issue has been credited to Wang Yun <[email protected]>. |
| Vulnerable: |
Caucho Technology Resin 2.1.12 Apache Software Foundation Apache 1.3.29 |
| Not Vulnerable: | |
Discussion
Caucho Technology Resin Source Code Disclosure Vulnerability
It has been reported that Resin may be prone to an information disclosure vulnerability that may allow an attacker to disclose source code of script files by passing malicious data via a URI parameter.
The issue has been reported to present itself on Windows NT/2000 systems running Apache 1.3.29 and Resin 2.1.12.
It has been reported that Resin may be prone to an information disclosure vulnerability that may allow an attacker to disclose source code of script files by passing malicious data via a URI parameter.
The issue has been reported to present itself on Windows NT/2000 systems running Apache 1.3.29 and Resin 2.1.12.
Exploit / POC
Caucho Technology Resin Source Code Disclosure Vulnerability
No exploit is required.
The following proof of concept has been provided:
http://www.example.com/index.jsp%20
No exploit is required.
The following proof of concept has been provided:
http://www.example.com/index.jsp%20
Solution / Fix
Caucho Technology Resin Source Code Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Caucho Technology Resin Source Code Disclosure Vulnerability
References:
References:
- Apache Homepage (Apache Software Foundation)
- Caucho Technology Homepage (Caucho Technology)
- Apache Http Server Reveals Script Source Code to Remote Users (Wang Yun
)