PT-2006-2937 · Caucho · Caucho Resin
Published
2006-05-17
·
Updated
2018-10-18
·
CVE-2006-1953
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Caucho Resin versions 3.0.17 through 3.0.18
Description
A directory traversal issue allows remote attackers to read arbitrary files. This is achieved by using a "C:%5C" (encoded drive letter) in a URL.
Recommendations
For versions 3.0.17 and 3.0.18, consider restricting access to sensitive files and directories until a patch is available.
As a temporary workaround, avoid using encoded drive letters in URLs to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Caucho Resin