PT-2007-3770 · Caucho · Caucho Resin+1

Published

2007-05-16

Updated

2017-07-29

CVE-2007-2439

CVSS v2.0

9.4

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions Caucho Resin Professional versions 3.1.0 and earlier Caucho Resin versions 3.1.0 and earlier

Description The issue allows remote attackers to cause a denial of service, resulting in a device hang, and read data from a COM or LPT device. This is achieved by using a DOS device name with an arbitrary extension.

Recommendations For Caucho Resin Professional versions 3.1.0 and earlier, consider restricting access to the DOS device names to minimize the risk of exploitation. For Caucho Resin versions 3.1.0 and earlier, avoid using arbitrary extensions with DOS device names until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2439

Affected Products

Caucho Resin

Caucho Resin Professional

PT-2007-3770 · Caucho · Caucho Resin+1

CVE-2007-2439

Related Identifiers

Affected Products

References · 9