_______________________________________________________________________ Rapid7 Security Advisory Visit http://www.rapid7.com/ to download NeXpose, SC Magazine Winner of Best Vulnerability Management product. _______________________________________________________________________ Rapid7 Advisory R7-0024 Caucho Resin Windows Directory Traversal Vulnerability Published: May 16, 2006 Revision: 1.0 http://www.rapid7.com/advisories/R7-0024.html CVE: CVE-2006-1953 1. Affected system(s): KNOWN VULNERABLE: o Caucho Resin v3.0.18 for Windows o Caucho Resin v3.0.17 for Windows NOT VULNERABLE: o Caucho Resin v3.0.19 o Caucho Resin v3.0.16 and earlier 2. Summary The Caucho Resin web application server for Windows contains a directory traversal vulnerability that allows remote unauthenticated users to download any file from the system. It is possible to download files from any drive on the system. Rapid7 have updated NeXpose to check for this vulnerability. Licensed customers will receive the new vulnerability checks automatically. Visit http://www.rapid7.com to register for a free demo of NeXpose. 3. Vendor status and information Caucho Technology, Inc. http://www.caucho.com/ Caucho was notified of this vulnerability on April 20th, 2006. They fixed this vulnerability in the latest unofficial snapshot of Resin 3.0.19, available from Caucho's website. 4. Solution Upgrade to the latest snapshot version of Resin, version 3.0.19. 5. Detailed analysis Caucho Resin is a servlet and JSP server. Resin ships with its own standalone web server which runs by default on port 8080. Any remote user can request URLs of the form: http://victim:8080/C:%5C/ to access the root of the C: drive (and any files below it). Any drive letter can be specified. Only Resin on Windows is vulnerable. This vulnerability appears to have been introduced in Resin version 3.0.17, although this has not been confirmed by the vendor. 6. Contact Information Rapid7 Security Advisories Email: advisory@private Web: http://www.rapid7.com/ Phone: +1 (617) 603-0700 7. Disclaimer and Copyright Rapid7, LLC is not responsible for the misuse of the information provided in our security advisories. These advisories are a service to the professional security community. There are NO WARRANTIES with regard to this information. Any application or distribution of this information constitutes acceptance AS IS, at the user's own risk. This information is subject to change without notice. This advisory Copyright (C) 2006 Rapid7, LLC. Permission is hereby granted to redistribute this advisory, providing that no changes are made and that the copyright notices and disclaimers remain intact.
This archive was generated by hypermail 2.1.3 : Thu May 18 2006 - 08:27:54 PDT