Caucho Technology Resin Directory Listings Disclosure Vulnerability
BID:9617
Info
Caucho Technology Resin Directory Listings Disclosure Vulnerability
| Bugtraq ID: | 9617 |
| Class: | Input Validation Error |
| CVE: |
CVE-2004-0281 CVE-2004-0281 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 09 2004 12:00AM |
| Updated: | Mar 19 2015 09:26AM |
| Credit: | The disclosure of this issue has been credited to Wang Yun <[email protected]>. |
| Vulnerable: |
Caucho Technology Resin 2.1.12 Apache Software Foundation Apache 1.3.29 |
| Not Vulnerable: | |
Discussion
Caucho Technology Resin Directory Listings Disclosure Vulnerability
It has been reported that Resin may be prone to an information disclosure vulnerability that may allow an attacker to disclose directory listings by passing malicious data via a URI parameter.
The issue has been reported to present itself on Windows NT/2000 systems running Apache 1.3.29 and Resin 2.1.12.
It has been reported that Resin may be prone to an information disclosure vulnerability that may allow an attacker to disclose directory listings by passing malicious data via a URI parameter.
The issue has been reported to present itself on Windows NT/2000 systems running Apache 1.3.29 and Resin 2.1.12.
Exploit / POC
Caucho Technology Resin Directory Listings Disclosure Vulnerability
No exploit is required.
The following proof of concept has been provided:
http://www.example.com/WEB-INF../
No exploit is required.
The following proof of concept has been provided:
http://www.example.com/WEB-INF../
Solution / Fix
Caucho Technology Resin Directory Listings Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Caucho Technology Resin Directory Listings Disclosure Vulnerability
References:
References:
- Apache Homepage (Apache Software Foundation)
- Caucho Technology Homepage (Caucho Technology)
- Apache Http Server Reveals Script Source Code to Remote Users (Wang Yun
)