MidnightBSD

Advisories for caucho

CVE-2004-0281 MEDIUM

Caucho Technology Resin 2.1.12 allows remote attackers to gain sensitive information and view the contents of the /WEB-INF/ directory via an HTTP request for "WEB-INF..", which is equivalent to "WEB-INF" in Windows.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caucho resin 2.1.12
CVE-2008-2462 MEDIUM

Cross-site scripting (XSS) vulnerability in the viewfile documentation command in Caucho Resin before 3.0.25, and 3.1.x before 3.1.4, allows remote attackers to inject arbitrary web script or HTML via the file parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
caucho resin *
CVE-2010-2032 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in resin-admin/digest.php in Caucho Technology Resin Professional 3.1.5, 3.1.10, 4.0.6, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) digest_realm or (2) digest_username parameters. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
caucho resin 3.1.10
caucho resin 3.1.5
caucho resin 4.0.6
CVE-2014-2966 MEDIUM

The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-264,

Products Affected

Vendor Product Version
caucho resin 4.0.36
caucho resin *
caucho resin 4.0.38
caucho resin 4.0.37
CVE-2021-44138 MEDIUM

There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
caucho resin *