1. CVE-Search
  2. CVE-2006-1953
ID CVE-2006-1953
Summary Directory traversal vulnerability in Caucho Resin 3.0.17 and 3.0.18 for Windows allows remote attackers to read arbitrary files via a "C:%5C" (encoded drive letter) in a URL. This vulnerability is addressed in the following product release: Caucho Technology, Resin, 3.0.19 The following product releases are not vulnerable: Caucho Technology, Resin, 3.0.16 Caucho Technology, Resin, 2.1.12 Caucho Technology, Resin, 2.1.2 Caucho Technology, Resin, 2.1.1 Caucho Technology, Resin, 2.0
References
Vulnerable Configurations
  • cpe:2.3:a:caucho_technology:resin:3.0.17:*:windows:*:*:*:*:*
    cpe:2.3:a:caucho_technology:resin:3.0.17:*:windows:*:*:*:*:*
  • cpe:2.3:a:caucho_technology:resin:3.0.18:*:windows:*:*:*:*:*
    cpe:2.3:a:caucho_technology:resin:3.0.18:*:windows:*:*:*:*:*
CVSS
Base: 7.8 (as of 18-10-2018 - 16:37)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:N/A:N
refmap via4
bid 18005
bugtraq 20060516 Caucho Resin Windows Directory Traversal Vulnerability
misc http://www.rapid7.com/advisories/R7-0024.html
osvdb 25570
sectrack 1016109
secunia 20125
sreason 904
vulnwatch 20060516 Caucho Resin Windows Directory Traversal Vulnerability
vupen ADV-2006-1831
xf resin-webserver-directory-traversal(26478)
Last major update 18-10-2018 - 16:37
Published 17-05-2006 - 10:06
Last modified 18-10-2018 - 16:37
Back to Top