Resin for Windows Encoded URI Traversal Arbitrary File Access

Severity: High, Nessus Plugin ID 21606

Synopsis

The remote web server is prone to directory traversal attacks.

Description

The remote host is running Resin, an application server.

The installation of Resin on the remote host allows an unauthenticated remote attacker to gain access to any file on the affected Windows host, which may lead to a loss of confidentiality.

Solution

Upgrade to Resin 3.0.19 or later.

See Also

https://www.securityfocus.com/archive/1/434150/30/0/threaded

http://www.caucho.com/download/changes.xtp

Plugin Details

Severity: High

ID: 21606

File Name: resin_dir_traversal.nasl

Version: 1.23

Type: remote

Family: Web Servers

Published: 5/27/2006

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Vulnerability Information

CPE: cpe:/a:caucho:resin

Required KB Items: www/resin

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 5/16/2006

Reference Information

CVE: CVE-2006-1953

BID: 18005