Reported July 17, 2002, by Peter Gründl.
VERSIONS AFFECTED
Resin Web and Application Server 2.1.1 and 2.1.2 for Windows 2000
DESCRIPTION
An information-disclosure vulnerability exists in Resin 2.1.1 and 2.1.2 for Windows 2000 that can result in displaying the physical path to the Web root. By requesting certain disk operating system (DOS) devices, such as lpt9.xtp, an attacker can cause the server to display an error message with the path to the Web root in the returned error information.
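One way to look for this request pattern in Web server access logs, as an added example that is not part of the original advisory. The Common Log Format layout, the sample lines, and the function names are assumptions; the device list is the standard Windows reserved set, of which the advisory names only lpt9.

```python
import re
from urllib.parse import unquote, urlsplit

# Reserved DOS device names on Windows (standard set; the advisory names only lpt9).
DOS_DEVICES = {"con", "prn", "aux", "nul"} | {
    f"{prefix}{n}" for prefix in ("com", "lpt") for n in range(1, 10)
}

# Request field of a Common Log Format line: "METHOD target PROTOCOL" (assumed layout).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')


def dos_device_in_path(target):
    """Return the reserved device name found in any path segment, else None."""
    path = unquote(urlsplit(target).path)  # drop the query string, decode %XX
    for segment in re.split(r"[/\\]", path):
        # Legacy Win32 path handling matches a device name regardless of case,
        # extension, or trailing spaces, so compare only the stem before the
        # first dot.
        stem = segment.split(".", 1)[0].rstrip(" ").lower()
        if stem in DOS_DEVICES:
            return stem
    return None


def scan(lines):
    """Return [(line_number, device)] for log lines that request a device name."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        device = dos_device_in_path(match.group(1)) if match else None
        if device:
            hits.append((number, device))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Jul/2002:10:00:01 +0000] "GET /index.xtp HTTP/1.0" 200 512',
    '192.0.2.11 - - [17/Jul/2002:10:00:02 +0000] "GET /lpt9.xtp HTTP/1.0" 500 731',
    '192.0.2.11 - - [17/Jul/2002:10:00:03 +0000] "GET /docs/AUX%2Ejsp HTTP/1.0" 500 731',
    '192.0.2.12 - - [17/Jul/2002:10:00:04 +0000] "GET /console.xtp HTTP/1.0" 200 90',
]

if __name__ == "__main__":
    for number, device in scan(SAMPLE_LOG):
        print(f"line {number}: reserved device '{device}' requested")
```

The same `dos_device_in_path` check can back a request filter in front of the server that rejects such paths before they reach the file system.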
VENDOR RESPONSE
The vendor, Caucho Technology, recommends that affected users download the latest build, which doesn't contain this vulnerability.
CREDIT
Discovered by Peter Gründl.