Signature Detail
Short Name |
HTTP:APACHE:RESIN-WEB-INF |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Keywords |
Apache/Resin WEB-INF Directory Traversal |
Release Date |
2004/06/02 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Apache/Resin WEB-INF Directory Traversal
This signature detects attempts to exploit a flaw in Resin 2.1.12, a Java Scriptlet server. Attackers can send malformed URL requests to a server to allow access to a normally protected sub-directory, the WEB-INF directory.
Extended Description
It has been reported that Resin may be prone to an information disclosure vulnerability that may allow an attacker to disclose directory listings by passing malicious data via a URI parameter. The issue has been reported to present itself on Windows NT/2000 systems running Apache 1.3.29 and Resin 2.1.12.
Affected Products
- Apache Software Foundation Apache 1.3.29
- Caucho Technology Resin 2.1.12
References
- BugTraq: 9617
- CVE: CVE-2004-0281
- URL: http://www.caucho.com/