PT-2004-1434 · Caucho Technology · Resin

Lovehacker · Published 2004-03-18 · Updated 2017-07-11 · CVE-2004-0280

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Caucho Technology Resin version 2.1.12

Description

The issue allows remote attackers to view JSP source via an HTTP request for a .jsp file whose name ends in "%20" (a URL-encoded space character). For example, an attacker can send a request for 'index.jsp%20' to view the source code.

Recommendations

For version 2.1.12, consider restricting access to .jsp files or implementing a workaround to prevent requests with encoded space characters at the end of the file name.
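
The check behind such a workaround, shown as an added example that is not part of the original advisory or of Resin: a predicate that recognises a .jsp path followed by encoded spaces, run over access-log lines to find past requests of this form. The function names, the Common Log Format layout and the sample lines are assumptions made for this illustration; it also generalises slightly to several trailing "%20" sequences and to upper-case extensions.

```python
import re
from urllib.parse import urlsplit, unquote

# Request and status fields of a Common Log Format line (assumed log layout).
REQUEST_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def has_trailing_encoded_space(target: str) -> bool:
    """True when the path names a .jsp file followed by one or more encoded
    spaces, e.g. /index.jsp%20 (the request form described for CVE-2004-0280)."""
    raw_path = urlsplit(target).path       # ignore ?query and #fragment
    decoded = unquote(raw_path)            # "%20" -> " "
    stripped = decoded.rstrip(" ")
    return stripped != decoded and stripped.lower().endswith(".jsp")

def flag_log_lines(lines):
    """Return (client, target, status) for every logged request of that form.
    A 200 status means the server answered and the response needs review."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and has_trailing_encoded_space(match.group("target")):
            client = line.split()[0]
            hits.append((client, match.group("target"), int(match.group("status"))))
    return hits

# Constructed sample lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Mar/2004:10:00:01 +0000] "GET /index.jsp HTTP/1.0" 200 512',
    '192.0.2.44 - - [18/Mar/2004:10:00:07 +0000] "GET /index.jsp%20 HTTP/1.0" 200 2048',
    '192.0.2.44 - - [18/Mar/2004:10:00:09 +0000] "GET /app/login.jsp%20%20?x=1 HTTP/1.0" 404 0',
    '192.0.2.10 - - [18/Mar/2004:10:00:12 +0000] "GET /docs/my%20file.html HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for client, target, status in flag_log_lines(SAMPLE_LOG):
        print(f"{client} requested {target} (status {status})")
```

The same predicate can serve as the rejection rule in a filter or reverse proxy placed in front of the affected server, returning an error instead of forwarding any request for which it is true.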

Related Identifiers

CVE-2004-0280

Affected Products

Resin