Short Name |
HTTP:APACHE:RESIN-WEB-INF |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
Apache/Resin WEB-INF Directory Traversal |
Release Date |
2004/06/02 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a flaw in Resin 2.1.12, a Java Scriptlet server. Attackers can send malformed URL requests to a server to allow access to a normally protected sub-directory, the WEB-INF directory.
It has been reported that Resin may be prone to an information disclosure vulnerability that may allow an attacker to disclose directory listings by passing malicious data via a URI parameter. The issue has been reported to present itself on Windows NT/2000 systems running Apache 1.3.29 and Resin 2.1.12.