CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 2CVE-2007-2440 – Caucho Resin 3.1 - '/web-inf' Traversal Arbitrary File Access
https://notcve.org/view.php?id=CVE-2007-2440
Directory traversal vulnerability in Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to read certain files via a .. (dot dot) in a URI containing a "\web-inf" sequence. Vulnerabilidad de cruce de directorio en Caucho Resin Professional 3.1.0 y Caucho Resin 3.1.0 y anteriores para Windows permite a atacantes remotos leer ciertos ficheros mediante una secuencia .. (punto punto) en un URI que contiene la secuencia "\web-inf". • https://www.exploit-db.com/exploits/30038 http://osvdb.org/36058 http://secunia.com/advisories/25286 http://www.caucho.com/resin-3.1/changes/changes.xtp http://www.rapid7.com/advisories/R7-0029.jsp http://www.securityfocus.com/bid/23985 http://www.securitytracker.com/id?1018061 http://www.vupen.com/english/advisories/2007/1824 https://exchange.xforce.ibmcloud.com/vulnerabilities/34296 •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 3CVE-2003-1513 – Caucho Resin 2.0/2.1 - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2003-1513
Multiple cross-site scripting (XSS) vulnerabilities in example scripts in Caucho Technology Resin 2.0 through 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) env.jsp, (2) form.jsp, (3) session.jsp, (4) the move parameter to tictactoe.jsp, or the (5) name or (6) comment fields to guestbook.jsp. • https://www.exploit-db.com/exploits/23262 http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012361.html http://secunia.com/advisories/10031 http://www.securityfocus.com/bid/8852 https://exchange.xforce.ibmcloud.com/vulnerabilities/13460 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2002-1990
https://notcve.org/view.php?id=CVE-2002-1990
Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical path information via a URL request for the example Java class file HelloServlet. • http://online.securityfocus.com/archive/1/278747 http://www.iss.net/security_center/static/9419.php http://www.securityfocus.com/bid/5095 •