• Nexpose
  • Overview
  • Features
  • Architecture & Open API
  • Try NeXpose
  • Buy NeXpose
  • System Requirements
  • Vulnerabilities Tested
  • NeXpose Information
• Solutions
  • Web Application VA
  • Database VA
  • Network & OS VA
  • Compliance Scanning
• Services
  • PCI Compliance Testing
  • Penetration Testing
  • Web Application Security Audits
  • Best Practices Consulting
  • Social Engineering
  • NeXpose Training
• Support
  • NeXpose FAQ
  • System Requirements
  • Support Form
  • Vulnerabilities Tested
  • Customer Center Login
• Security Center
  • Advisories
  • Vulnerabilities Tested
  • Compliance
  • White Papers & Articles
  • SSHredder Test Suite
• Company
  • Management
  • Customers
  • Partners
  • Press Room
  • Events
  • Contact
  • Careers
• Customers

• Advisories
• Vulnerabilities Tested
• Compliance
• White Papers & Articles
• SSHredder Test Suite

_______________________________________________________________________
                        Rapid7 Security Advisory
            Visit http://www.rapid7.com/ to download NeXpose,
        SC Magazine Winner of Best Vulnerability Management product.
_______________________________________________________________________

Rapid7 Advisory R7-0029
Caucho Resin Web Application Directory Traversal

   Published:  May 14, 2007
   Revision:   1.0
   http://www.rapid7.com/advisories/R7-0029

1. Affected system(s):

   KNOWN VULNERABLE:
    o Caucho Resin Professional v3.1.0 for Windows
    o Caucho Resin v3.1.0 for Windows
    o Caucho Resin v3.0.21 for Windows
    o Caucho Resin v3.0.20 for Windows
    o Caucho Resin v3.0.19 for Windows
    o Caucho Resin v3.0.18 for Windows
    o Caucho Resin v3.0.17 for Windows

   KNOWN FIXED:
    o Caucho Resin v3.1.1 for Windows
    o Caucho Resin Professional v3.1.1 for Windows

2. Summary

   The Caucho Resin web application server for Windows contains a
   directory traversal vulnerability that allows remote
   unauthenticated users to download files from a web application's
   hidden "WEB-INF" directory.  This directory typically contains sensitive
   server configuration files and compiled java source code.

   Rapid7 have updated NeXpose to check for this vulnerability. Licensed
   customers will receive the new vulnerability checks automatically.
   Visit www.rapid7.com to register for a
   free demo of NeXpose.

3. Vendor status and information

   Caucho Technology, Inc.
   http://www.caucho.com/

   Caucho was notified of this vulnerability on May 3rd, 2007.
   They fixed this vulnerability in the latest unofficial snapshot
   of Resin 3.1.1, available from Caucho's website.

4. Solution

   Upgrade to Caucho Resin 3.1.1 or later.

5. Detailed analysis

   Caucho Resin is a servlet and JSP server. Resin ships with its own
   stand-alone web server which runs by default on port 8080. Any remote
   user can request URLs of the form:

      http://victim:8080/%20..\web-inf

   to access the web-inf directory of the corresponding web application.
   Any known sub directory may also be specified.

6. Credit

   Discovered by Derek Abdine of Rapid7.

7. Contact Information

   Rapid7, LLC
   Email: advisory@rapid7.com
   Web: http://www.rapid7.com
   Phone: +1 (617) 247-1717

8. Disclaimer and Copyright

   Rapid7, LLC is not responsible for the misuse of the information
   provided in our security advisories. These advisories are a service
   to the professional security community. There are NO WARRANTIES with
   regard to this information. Any application or distribution of this
   information constitutes acceptance AS IS, at the user's own risk.
   This information is subject to change without notice.

   This advisory Copyright (C) 2007 Rapid7, LLC. Permission is hereby
   granted to redistribute this advisory, providing that no changes are
   made and that the copyright notices and disclaimers remain intact.

Copyright © 2001 - 2008, Rapid7, LLC. All Rights Reserved.

• Home
• |
• Nexpose
• |
• Solutions
• |
• Services
• |
• Support
• |
• Security Center
• |
• Company
• |
• Contact