Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[VulnWatch] Caucho Resin Windows Directory Traversal Vulnerability

from [advisory] Network Security [Permanent Link]
Subject: [VulnWatch] Caucho Resin Windows Directory Traversal Vulnerability
Date: Tue, 16 May 2006 11:08:04 -0700 
_______________________________________________________________________
                        Rapid7 Security Advisory
            Visit http://www.rapid7.com/ to download NeXpose,
        SC Magazine Winner of Best Vulnerability Management product.
_______________________________________________________________________

Rapid7 Advisory R7-0024
Caucho Resin Windows Directory Traversal Vulnerability

   Published:  May 16, 2006
   Revision:   1.0
   http://www.rapid7.com/advisories/R7-0024.html

   CVE:    CVE-2006-1953

1. Affected system(s):

   KNOWN VULNERABLE:
    o Caucho Resin v3.0.18 for Windows
    o Caucho Resin v3.0.17 for Windows

   NOT VULNERABLE:
    o Caucho Resin v3.0.19
    o Caucho Resin v3.0.16 and earlier

2. Summary

   The Caucho Resin web application server for Windows contains a
   directory traversal vulnerability that allows remote
   unauthenticated users to download any file from the system. It is
   possible to download files from any drive on the system.

   Rapid7 have updated NeXpose to check for this vulnerability. Licensed
   customers will receive the new vulnerability checks automatically.
   Visit http://www.rapid7.com to register for a free demo of NeXpose.

3. Vendor status and information

   Caucho Technology, Inc.
   http://www.caucho.com/

   Caucho was notified of this vulnerability on April 20th, 2006.
   They fixed this vulnerability in the latest unofficial snapshot
   of Resin 3.0.19, available from Caucho's website.

4. Solution

   Upgrade to the latest snapshot version of Resin, version 3.0.19.

5. Detailed analysis

   Caucho Resin is a servlet and JSP server. Resin ships with its own
   standalone web server which runs by default on port 8080. Any remote
   user can request URLs of the form:

      http://victim:8080/C:%5C/

   to access the root of the C: drive (and any files below it). Any
   drive letter can be specified.  Only Resin on Windows is vulnerable.

   This vulnerability appears to have been introduced in Resin
   version 3.0.17, although this has not been confirmed by the vendor.

6. Contact Information

   Rapid7 Security Advisories
   Email:  advisory@rapid7.com
   Web:    http://www.rapid7.com/
   Phone:  +1 (617) 603-0700

7. Disclaimer and Copyright

   Rapid7, LLC is not responsible for the misuse of the information
   provided in our security advisories.  These advisories are a service
   to the professional security community.  There are NO WARRANTIES
   with regard to this information.  Any application or distribution of
   this information constitutes acceptance AS IS, at the user's own
   risk.  This information is subject to change without notice.

   This advisory Copyright (C) 2006 Rapid7, LLC.  Permission is
   hereby granted to redistribute this advisory, providing that no
   changes are made and that the copyright notices and disclaimers
   remain intact.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [VulnWatch] Caucho Resin Windows Directory Traversal Vulnerability, advisory <=
Previous by Date:  [Full-disclosure] iDefense Q2 2006 Vulnerability Challenge, labs-no-reply@idefense.com
Next by Date:  Re: Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1, Amit Klein (AKsecurity)
Previous by Thread:  [Full-disclosure] iDefense Q2 2006 Vulnerability Challenge, labs-no-reply@idefense.com
Next by Thread:  Symantec antivirus software exposes computers, Michael Scheidell
Indexes:  [Date] [Thread] [Top] [All Lists]