Caucho Technology: >> Resin Security Vulnerabilities
Resin 2.1.1 allows remote attackers to cause a denial of service (thread and connection consumption) via multiple URL requests containing the DOS 'CON' device name and a registered file extension such as .jsp or .xtp.
CVSS Score
5.0
EPSS Score
0.007
Published
2002-12-31
Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical path information via a URL request for the example Java class file HelloServlet.
CVSS Score
5.0
EPSS Score
0.003
Published
2002-12-31
Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp.
CVSS Score
5.0
EPSS Score
0.003
Published
2002-12-31
A cross-site scripting vulnerability in Caucho Technology Resin before 1.2.4 allows a malicious webmaster to embed Javascript in a hyperlink that ends in a .jsp extension, which causes an error message that does not properly quote the Javascript.
CVSS Score
5.1
EPSS Score
0.01
Published
2001-12-06
Caucho Resin 1.3b1 and earlier allows remote attackers to read source code for Javabean files by inserting a .jsp before the WEB-INF specifier in an HTTP request.
CVSS Score
5.0
EPSS Score
0.031
Published
2001-06-18
Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote attackers to read arbitrary files via a "\.." (dot dot) in a URL request.
CVSS Score
5.0
EPSS Score
0.031
Published
2001-05-03
Caucho Technology Resin 1.2 and possibly earlier allows remote attackers to view JSP source via an HTTP request to a .jsp file with certain characters appended to the file name, such as (1) "..", (2) "%2e..", (3) "%81", (4) "%82", and others.
CVSS Score
5.0
EPSS Score
0.046
Published
2000-11-23
Page 2