漏洞类别:Web server漏洞等级: 
漏洞信息
Caucho Resin is a servlet and JSP engine that supports java and javascript.
Caucho Resin contains a directory traversal vulnerability, which could allow a remote user to gain read access to directories outside the root directory. Requesting a specially crafted URL composed of '/\..' sequences to a host running Resin will disclose an arbitrary directory. This vulnerability could enable a malicious user to gain read access to various files residing on the target machine.
漏洞危害
Successful exploitation of this vulnerability could lead to the disclosure of sensitive information, which could possibly aid in further attacks against the host.
解决方案
Caucho addressed this issue in Resin Version 1.2.3:
0day
文章评论