Caucho · Caucho Resin · CVE-2006-2437
**Name of the Vulnerable Software and Affected Versions**
Caucho Resin versions 3.0.17 through 3.0.18
**Description**
The issue allows remote attackers to obtain the source code for files under the web root. This is achieved through the `file` parameter in the viewfile servlet, which is part of the documentation package (resin-doc) for Caucho Resin.
**Recommendations**
For versions 3.0.17 and 3.0.18, consider restricting access to the viewfile servlet to minimize the risk of exploitation. As a temporary workaround, avoid using the `file` parameter in the affected servlet until a patch is available.