Caucho Technology Resin 1.2 and possibly earlier allows remote malicious users to view JSP source via an HTTP request to a .jsp file with certain characters appended to the file name, such as (1) "..", (2) "%2e..", (3) "%81", (4) "%82", and others.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
caucho technology resin 1.1.5 |
||
caucho technology resin 1.2 |