Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Caucho Technology Resin 2.1.12 allows remote attackers to gain sensitive information and view the contents of the /WEB-INF/ directory via an HTTP request for "WEB-INF..", which is equivalent to "WEB-INF" in Windows.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Caucho Technology Resin源代码和目录列表泄露漏洞
Vulnerability Description
Caucho Technology Resin是一款Web服务器。该产品具有负载均衡、分布式缓存等功能。 Caucho Technology Resin在处理部分畸形URI请求时处理不正确,远程攻击者可以利用这个漏洞获得源代码信息或者访问受限制目录。问题重现在Windows平台下的Apache1.3.29 + Resin 2.1.12配置下,在文件名后追加%20字符,或者提交/WEB-INF../的请求,可导致返回源代码信息及返回"/WEB-INF/"目录列表。
CVSS Information
N/A
Vulnerability Type
N/A