Skip navigation
Menu
End-User Platforms>Windows 7/8

Information Disclosure Vulnerability in Resin Web and Application Server

Reported July 17, 2002, by Peter Gründl.

VERSIONS AFFECTED

  • Resin Web and Application Server 2.1.1 and 2.1.2 for Windows 2000

 

DESCRIPTION

An information-disclosure vulnerability exists in Resin 2.1.1 and 2.1.2 for Windows 2000 that can result in displaying the physical path to the Web root. By requesting certain disk operating system (DOS) devices, such as lpt9.xtp, an attacker can cause the server to display an error message with the path to Web root in the returned-error information.

 

VENDOR RESPONSE

 

The vendor, Caucho Technology, recommends that affected users download the latest build, which doesn't contain this vulnerability.

 

CREDIT
Discovered by Peter Gründl.

TAGS: Security
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
PowerShell screenshot shows Where-Object cmdlet
How to Use the PowerShell Where-Object Cmdlet
Aug 04, 2022
shield_icon_laptop.jpg
What To Do When Windows Defender Is Not Working
Mar 15, 2022
Computer Screen Showing Password Dialog Box
Microsoft Edge Downloads Updated for Azure AD Sign-In & Sync
Aug 22, 2019
mktg-wp-nolabel5
How to Approach the Windows 7 to 10 Migration
Aug 01, 2019