Lovehacker

#22261 of 53,624
10 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2004-1434
5.0
2004-03-18
Caucho Technology · Resin · CVE-2004-0280
**Name of the Vulnerable Software and Affected Versions**

Caucho Technology Resin version 2.1.12

**Description**

The issue allows remote attackers to view JSP source via an HTTP request to a .jsp file that ends in a "%20" (encoded space character). For example, an attacker can send a request to 'index.jsp%20' to view the source code.

**Recommendations**

For version 2.1.12, consider restricting access to .jsp files or implementing a workaround to prevent requests with encoded space characters at the end of the file name.

PT-2004-1435
5.0
2004-03-18
Caucho Technology · Resin · CVE-2004-0281
**Name of the Vulnerable Software and Affected Versions**

Caucho Technology Resin version 2.1.12

**Description**

The issue allows remote attackers to gain sensitive information and view the contents of the /WEB-INF/ directory via an HTTP request for "WEB-INF..", which is equivalent to "WEB-INF" in Windows.

**Recommendations**

For version 2.1.12, consider restricting access to the /WEB-INF/ directory to minimize the risk of exploitation.