CVE-2006-2438

Name of the Vulnerable Software and Affected Versions Caucho Resin versions 3.0.17 through 3.0.18

Description A directory traversal issue exists in the viewfile servlet of the documentation package for Caucho Resin, allowing remote attackers to read arbitrary files under other web roots via the contextpath parameter. This issue can also lead to path disclosure when the parameter is invalid.

Recommendations For versions 3.0.17 and 3.0.18, consider restricting access to the viewfile servlet until a fix is available. As a temporary workaround, avoid using the contextpath parameter in the affected servlet to minimize the risk of exploitation.