CVE-2004-0281 – Caucho Technology Resin 2.1.12 - Directory Listings Disclosure
https://notcve.org/view.php?id=CVE-2004-0281
Caucho Technology Resin 2.1.12 allows remote attackers to gain sensitive information and view the contents of the /WEB-INF/ directory via an HTTP request for "WEB-INF..", which is equivalent to "WEB-INF" in Windows. Caucho Technology Resin 2.1.12 permite a atacantes remotos obtener información sensible y ver los contenidos del directorio /WEB-INF/ mediante una petición HTTP de "WEB-INF • https://www.exploit-db.com/exploits/23671 http://marc.info/?l=bugtraq&m=107635084830547&w=2 http://www.securityfocus.com/bid/9617 https://exchange.xforce.ibmcloud.com/vulnerabilities/15087 •
CVE-2003-1513 – Caucho Resin 2.0/2.1 - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2003-1513
Multiple cross-site scripting (XSS) vulnerabilities in example scripts in Caucho Technology Resin 2.0 through 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) env.jsp, (2) form.jsp, (3) session.jsp, (4) the move parameter to tictactoe.jsp, or the (5) name or (6) comment fields to guestbook.jsp. • https://www.exploit-db.com/exploits/23262 http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012361.html http://secunia.com/advisories/10031 http://www.securityfocus.com/bid/8852 https://exchange.xforce.ibmcloud.com/vulnerabilities/13460 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2002-1990
https://notcve.org/view.php?id=CVE-2002-1990
Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical path information via a URL request for the example Java class file HelloServlet. • http://online.securityfocus.com/archive/1/278747 http://www.iss.net/security_center/static/9419.php http://www.securityfocus.com/bid/5095 •
CVE-2002-2090
https://notcve.org/view.php?id=CVE-2002-2090
Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp. • http://seclists.org/bugtraq/2002/Jul/0186.html http://www.securityfocus.com/bid/5252 •
CVE-2002-1987
https://notcve.org/view.php?id=CVE-2002-1987
Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 allows remote attackers to read arbitrary files via a "\.." (backslash dot dot). • http://online.securityfocus.com/archive/1/277225 http://www.iss.net/security_center/static/9351.php http://www.securityfocus.com/bid/5031 •