Vulnerability Details CVE-2006-2437
The viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code for file under the web root via the file parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.051
EPSS Ranking 89.4%
CVSS Severity
CVSS v2 Score 5.0
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0384.html
- http://securityreason.com/securityalert/908
- http://www.securityfocus.com/archive/1/434145
- http://www.securityfocus.com/bid/18007
- http://www.vupen.com/english/advisories/2006/1831
- http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0384.html
- http://securityreason.com/securityalert/908
- http://www.securityfocus.com/archive/1/434145
- http://www.securityfocus.com/bid/18007
- http://www.vupen.com/english/advisories/2006/1831
Products affected by CVE-2006-2437
-
cpe:2.3:a:caucho_technology:resin:3.0.17
-
cpe:2.3:a:caucho_technology:resin:3.0.18