Exploit the possiblities

Rapid7 Security Advisory 24

Rapid7 Security Advisory 24
Posted May 22, 2006
Authored by Rapid7 | Site rapid7.com

Rapid7 Security Advisory - The Caucho Resin web application server for Windows contains a directory traversal vulnerability that allows remote unauthenticated users to download any file from the system. It is possible to download files from any drive on the system. Versions 3.0.18 and 3.0.17 for Windows are vulnerable.

tags | exploit, remote, web
systems | windows
advisories | CVE-2006-1953
MD5 | 31d1931060c9dac4600df99620e3a12f

Rapid7 Security Advisory 24

Change Mirror Download
_______________________________________________________________________
Rapid7 Security Advisory
Visit http://www.rapid7.com/ to download NeXpose,
SC Magazine Winner of Best Vulnerability Management product.
_______________________________________________________________________

Rapid7 Advisory R7-0024
Caucho Resin Windows Directory Traversal Vulnerability

Published: May 16, 2006
Revision: 1.0
http://www.rapid7.com/advisories/R7-0024.html

CVE: CVE-2006-1953

1. Affected system(s):

KNOWN VULNERABLE:
o Caucho Resin v3.0.18 for Windows
o Caucho Resin v3.0.17 for Windows

NOT VULNERABLE:
o Caucho Resin v3.0.19
o Caucho Resin v3.0.16 and earlier

2. Summary

The Caucho Resin web application server for Windows contains a
directory traversal vulnerability that allows remote
unauthenticated users to download any file from the system. It is
possible to download files from any drive on the system.

Rapid7 have updated NeXpose to check for this vulnerability. Licensed
customers will receive the new vulnerability checks automatically.
Visit http://www.rapid7.com to register for a free demo of NeXpose.

3. Vendor status and information

Caucho Technology, Inc.
http://www.caucho.com/

Caucho was notified of this vulnerability on April 20th, 2006.
They fixed this vulnerability in the latest unofficial snapshot
of Resin 3.0.19, available from Caucho's website.

4. Solution

Upgrade to the latest snapshot version of Resin, version 3.0.19.

5. Detailed analysis

Caucho Resin is a servlet and JSP server. Resin ships with its own
standalone web server which runs by default on port 8080. Any remote
user can request URLs of the form:

http://victim:8080/C:%5C/

to access the root of the C: drive (and any files below it). Any
drive letter can be specified. Only Resin on Windows is vulnerable.

This vulnerability appears to have been introduced in Resin
version 3.0.17, although this has not been confirmed by the vendor.

6. Contact Information

Rapid7 Security Advisories
Email: advisory@rapid7.com
Web: http://www.rapid7.com/
Phone: +1 (617) 603-0700

7. Disclaimer and Copyright

Rapid7, LLC is not responsible for the misuse of the information
provided in our security advisories. These advisories are a service
to the professional security community. There are NO WARRANTIES
with regard to this information. Any application or distribution of
this information constitutes acceptance AS IS, at the user's own
risk. This information is subject to change without notice.

This advisory Copyright (C) 2006 Rapid7, LLC. Permission is
hereby granted to redistribute this advisory, providing that no
changes are made and that the copyright notices and disclaimers
remain intact.

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    15 Files
  • 15
    Dec 15th
    28 Files
  • 16
    Dec 16th
    3 Files
  • 17
    Dec 17th
    13 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close