HTTP: Apache/Resin WEB-INF Directory Traversal
This signature detects attempts to exploit a flaw in Resin 2.1.12, a Java Scriptlet server. Attackers can send malformed URL requests to a server to allow access to a normally protected sub-directory, the WEB-INF directory.
Extended Description
It has been reported that Resin may be prone to an information disclosure vulnerability that may allow an attacker to disclose directory listings by passing malicious data via a URI parameter. The issue has been reported to present itself on Windows NT/2000 systems running Apache 1.3.29 and Resin 2.1.12.
Affected Products
Caucho_technology resin
Short Name
HTTP:APACHE:RESIN-WEB-INF
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Apache/Resin CVE-2004-0281 Directory Traversal WEB-INF bid:9617
Release Date
06/03/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Apache_software_foundation
Caucho_technology
CVSS Score
5.0