Page 3 of 13 results (0.003 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

Caucho Technology Resin 2.1.12 allows remote attackers to view JSP source via an HTTP request to a .jsp file that ends in a "%20" (encoded space character), e.g. index.jsp%20. Caucho Technology Resin 2.1.21 permite a atacantes remotos ver la fuente JSP mediante una petición a un fichero .jsp que acaba en un carácter "%20" (espacio codificado en URL), por ejemplo index.jsp%20. • http://marc.info/?l=bugtraq&m=107635084830547&w=2 http://www.securityfocus.com/bid/9614 https://exchange.xforce.ibmcloud.com/vulnerabilities/15085 •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 2

Caucho Technology Resin 2.1.12 allows remote attackers to gain sensitive information and view the contents of the /WEB-INF/ directory via an HTTP request for "WEB-INF..", which is equivalent to "WEB-INF" in Windows. Caucho Technology Resin 2.1.12 permite a atacantes remotos obtener información sensible y ver los contenidos del directorio /WEB-INF/ mediante una petición HTTP de "WEB-INF • https://www.exploit-db.com/exploits/23671 http://marc.info/?l=bugtraq&m=107635084830547&w=2 http://www.securityfocus.com/bid/9617 https://exchange.xforce.ibmcloud.com/vulnerabilities/15087 •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 3

Multiple cross-site scripting (XSS) vulnerabilities in example scripts in Caucho Technology Resin 2.0 through 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) env.jsp, (2) form.jsp, (3) session.jsp, (4) the move parameter to tictactoe.jsp, or the (5) name or (6) comment fields to guestbook.jsp. • https://www.exploit-db.com/exploits/23262 http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012361.html http://secunia.com/advisories/10031 http://www.securityfocus.com/bid/8852 https://exchange.xforce.ibmcloud.com/vulnerabilities/13460 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •