CVE-2007-2441 - Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attacke

CVE-2007-2441

Summary

Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to obtain the system path via certain URLs associated with (1) deploying web applications or (2) displaying .xtp files.

References

Vulnerable Configurations

cpe:2.3:a:caucho_technology:resin:*:*:professional_windows:*:*:*:*:*
cpe:2.3:a:caucho_technology:resin:*:*:professional_windows:*:*:*:*:*
cpe:2.3:a:caucho_technology:resin:*:*:windows:*:*:*:*:*
cpe:2.3:a:caucho_technology:resin:*:*:windows:*:*:*:*:*

CVSS

Base:	5.0 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	23985
confirm	http://www.caucho.com/resin-3.1/changes/changes.xtp
misc	http://www.rapid7.com/advisories/R7-0030.jsp
osvdb	36057
sectrack	1018061
secunia	25286
vupen	ADV-2007-1824
xf	resin-multiple-path-disclosure(34293)

Last major update

29-07-2017 - 01:31

Published

16-05-2007 - 19:28

Last modified

29-07-2017 - 01:31