CVE-2007-2439

Name of the Vulnerable Software and Affected Versions Caucho Resin Professional versions 3.1.0 and earlier Caucho Resin versions 3.1.0 and earlier

Description The issue allows remote attackers to cause a denial of service, resulting in a device hang, and read data from a COM or LPT device. This is achieved by using a DOS device name with an arbitrary extension.

Recommendations For Caucho Resin Professional versions 3.1.0 and earlier, consider restricting access to the DOS device names to minimize the risk of exploitation. For Caucho Resin versions 3.1.0 and earlier, avoid using arbitrary extensions with DOS device names until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.