漏洞类别:CGI
漏洞等级: 
漏洞信息
Resin is a Java Application Server for high traffic sites that require speed and scalability.
Resin Application Server is exposed to following vulnerabilities:
1) Resin Application Server is prone to a source code disclosure vulnerability. The vulnerability is caused do to an improper sanitation of the 'file' parameter when used for reading help files. An attacker can exploit this vulnerability by directly requesting a '.jsp' file for example in the root directory of the server to view its source code that might reveal sensitive information.
2) Resin Application Server suffers from a XSS issue due to a failure to properly sanitize user-supplied input to the 'logout' GET parameter in the 'index.php' script.
Affected Versions:
Resin Professional Web And Application Server 4.0.36
漏洞危害
Successfully exploiting these vulnerabilities might allow a remote attacker to perform cross-site scripting attacks and also gain access to sensitive information.
解决方案
There are no vendor-supplied patches available at this time.
0day
文章评论