HTTP: Resin MSDOS Device Request
This signature detects attempts to exploit a known vulnerability in Resin, an XML application server. Resin versions 2.1.2 and earlier are vulnerable. Attackers can send a request for a document name that is based on an MSDOS device name to access the Web server configuration.
Extended Description
Resin discloses the absolute path to the webroot directory to remote attackers when certain MS-DOS device names are requested. This type of sensitive information may be used in further attacks on the host. This issue has been reported in Resin running on Microsoft Windows platforms.
Affected Products
Caucho_technology resin
References
BugTraq: 5252
CVE: CVE-2002-2090
URL: http://www.security.nnov.ru/search/document.asp?docid=3231
Short Name
HTTP:INFO:RESIN-DEV-WEBROOT
Severity
Warning
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2002-2090 Device MSDOS Request Resin bid:5252
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Rarely
Vendors
Caucho_technology
CVSS Score
5.0