Maybe-Why-Not

Rank: #18098 of 53,622
Total CVSS: 15
Vulnerabilities: 2
High: 2

PT-2022-12003
7.5
2022-04-04
Caucho · Caucho Resin · CVE-2021-44138
**Name of the Vulnerable Software and Affected Versions**
Caucho Resin versions 4.0.52 through 4.0.56

**Description**
The issue allows remote attackers to read files in arbitrary directories via a `;` in a pathname within an HTTP request. This is a directory traversal vulnerability.

**Recommendations**
For versions 4.0.52 through 4.0.56, consider restricting access to sensitive directories and files as a temporary workaround until a patch is available. Avoid using the `;` character in pathnames within HTTP requests to minimize the risk of exploitation.

PT-2021-18660
7.5
2021-01-05
Unknown · Ffay Lanproxy · CVE-2021-3019
**Name of the Vulnerable Software and Affected Versions**
ffay lanproxy version 0.1

**Description**
The issue allows directory traversal, enabling the reading of `/../conf/config.properties` to obtain credentials for a connection to the intranet. This could potentially expose sensitive information.

**Recommendations**
For ffay lanproxy version 0.1, consider restricting access to the `/../conf/config.properties` file until a patch is available. As a temporary workaround, limit the exposure of sensitive credentials stored in this file. At the moment, there is no information about a newer version that contains a fix for this vulnerability.