Описание
Directory traversal vulnerability in the viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to read arbitrary files under other web roots via the contextpath parameter. NOTE: this issue can produce resultant path disclosure when the parameter is invalid.
Ссылки
- ExploitPatchVendor Advisory
- ExploitPatch
- ExploitPatchVendor Advisory
- ExploitPatch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:caucho_technology:resin:3.0.17:*:*:*:*:*:*:*
cpe:2.3:a:caucho_technology:resin:3.0.18:*:*:*:*:*:*:*
EPSS
Процентиль: 82%
0.01669
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Directory traversal vulnerability in the viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to read arbitrary files under other web roots via the contextpath parameter. NOTE: this issue can produce resultant path disclosure when the parameter is invalid.
EPSS
Процентиль: 82%
0.01669
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other