Resin for Windows Encoded URI Traversal Arbitrary File Access

Nessus Plugin ID 21606 (Severity: High)


The remote web server is prone to directory traversal attacks.


The remote host is running Resin, an application server.

The installation of Resin on the remote host allows an unauthenticated remote attacker to gain access to any file on the affected Windows host, which may lead to a loss of confidentiality.


Upgrade to Resin 3.0.19 or later.

Plugin Details

Severity: High

ID: 21606

File Name: resin_dir_traversal.nasl

Version: $Revision: 1.21 $

Type: remote

Family: Web Servers

Published: 2006/05/27

Modified: 2016/05/16

Dependencies: 10107

Risk Information

Risk Factor: High


Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:caucho:resin

Required KB Items: www/resin

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 2006/05/16

Reference Information

CVE: CVE-2006-1953

BID: 18005

OSVDB: 25570