| Short Name | HTTP:INFO:RESIN-DEV-WEBROOT |
|---|---|
| Severity | Warning |
| Recommended | No |
| Category | HTTP |
| Keywords | Resin MSDOS Device Request |
| Release Date | 2003/04/22 |
| Update Number | 1213 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects attempts to exploit a known vulnerability in Resin, an XML application server. Resin versions 2.1.2 and earlier are vulnerable. Attackers can request a document whose name is based on an MS-DOS device name to access the Web server configuration.
Resin discloses the absolute path to the webroot directory to remote attackers when certain MS-DOS device names are requested. This type of sensitive information may be used in further attacks on the host. This issue has been reported in Resin running on Microsoft Windows platforms.