PT-2006-2937 · Caucho · Caucho Resin
Publicado
2006-05-17
·
Atualizado
2018-10-18
·
CVE-2006-1953
CVSS v2.0
7.8
Alta
| Vetor | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Caucho Resin versions 3.0.17 through 3.0.18
Description
A directory traversal issue allows remote attackers to read arbitrary files. This is achieved by using a "C:%5C" (encoded drive letter) in a URL.
Recommendations
For versions 3.0.17 and 3.0.18, consider restricting access to sensitive files and directories until a patch is available.
As a temporary workaround, avoid using encoded drive letters in URLs to minimize the risk of exploitation.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Caucho Resin