Resin for Windows \WEB-INF Traversal Arbitrary File Access

Medium Nessus Plugin ID 25241


The remote web server is prone to a directory traversal attack.


The remote host is running Resin, an application server.

The installation of Resin on the remote host allows an unauthenticated, remote attacker to gain access to the web-inf directories, or any known subdirectories, on the affected Windows host, which could lead to a loss of confidentiality.


Upgrade to Resin / Resin Pro 3.1.1 or later.

Plugin Details

Severity: Medium

ID: 25241

File Name: resin_dir_traversal2.nasl

Version: $Revision: 1.21 $

Type: remote

Family: Web Servers

Published: 2007/05/16

Modified: 2016/05/16

Dependencies: 10107

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:caucho:resin

Required KB Items: www/resin

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 2007/05/07

Vulnerability Publication Date: 2007/05/14

Reference Information

CVE: CVE-2007-2440

BID: 23985

OSVDB: 36058