CVE-2006-2437 – Caucho Resin 3.0.17/3.0.18 - Viewfile Information Disclosure
https://notcve.org/view.php?id=CVE-2006-2437
The viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code for file under the web root via the file parameter. • https://www.exploit-db.com/exploits/27888 http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0384.html http://securityreason.com/securityalert/908 http://www.securityfocus.com/archive/1/434145 http://www.securityfocus.com/bid/18007 http://www.vupen.com/english/advisories/2006/1831 •
CVE-2004-0280
https://notcve.org/view.php?id=CVE-2004-0280
Caucho Technology Resin 2.1.12 allows remote attackers to view JSP source via an HTTP request to a .jsp file that ends in a "%20" (encoded space character), e.g. index.jsp%20. Caucho Technology Resin 2.1.21 permite a atacantes remotos ver la fuente JSP mediante una petición a un fichero .jsp que acaba en un carácter "%20" (espacio codificado en URL), por ejemplo index.jsp%20. • http://marc.info/?l=bugtraq&m=107635084830547&w=2 http://www.securityfocus.com/bid/9614 https://exchange.xforce.ibmcloud.com/vulnerabilities/15085 •
CVE-2003-1513 – Caucho Resin 2.0/2.1 - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2003-1513
Multiple cross-site scripting (XSS) vulnerabilities in example scripts in Caucho Technology Resin 2.0 through 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) env.jsp, (2) form.jsp, (3) session.jsp, (4) the move parameter to tictactoe.jsp, or the (5) name or (6) comment fields to guestbook.jsp. • https://www.exploit-db.com/exploits/23262 http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012361.html http://secunia.com/advisories/10031 http://www.securityfocus.com/bid/8852 https://exchange.xforce.ibmcloud.com/vulnerabilities/13460 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2002-1990
https://notcve.org/view.php?id=CVE-2002-1990
Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical path information via a URL request for the example Java class file HelloServlet. • http://online.securityfocus.com/archive/1/278747 http://www.iss.net/security_center/static/9419.php http://www.securityfocus.com/bid/5095 •
CVE-2002-2090
https://notcve.org/view.php?id=CVE-2002-2090
Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp. • http://seclists.org/bugtraq/2002/Jul/0186.html http://www.securityfocus.com/bid/5252 •