Resin for Windows Encoded URI Traversal Arbitrary File Access

This script is Copyright (C) 2006-2016 Tenable Network Security, Inc.


Synopsis :

The remote web server is prone to directory traversal attacks.

Description :

The remote host is running Resin, an application server.

The installation of Resin on the remote host allows an unauthenticated
remote attacker to gain access to any file on the affected Windows
host, which may lead to a loss of confidentiality.

See also :

http://www.securityfocus.com/archive/1/434150/30/0/threaded
http://www.caucho.com/download/changes.xtp

Solution :

Upgrade to Resin 3.0.19 or later.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 21606 ()

Bugtraq ID: 18005

CVE ID: CVE-2006-1953

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial