Resin WebServer break out of web root

    Resin Webserver


    Joe Testa found the following. Resin 1.2.2 is a webserver. A
    vulnerability exists which allows a remote user to break out of
    the web root using relative paths (i.e. '..', '...').

    Resin does in fact check that the requested path lies within the
    webroot, but by inserting a backslash before any '..' or '...', it
    is possible to defeat the check. The following URL demonstrates
    this vulnerability:



    A fixed upgrade, 1.2.3, was released and is available at:
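
    The check-bypass described above, as an added example that is not
    Resin's code and not part of the original advisory: a hypothetical
    segment check that a leading backslash slips past, beside a stricter
    resolver that folds backslashes before testing containment. The web
    root, function names and sample paths are assumptions made for the
    example.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

WEB_ROOT = "/srv/www"  # assumed document root, not from the advisory


def naive_is_safe(url_path: str) -> bool:
    """Hypothetical flawed check: rejects only segments that are exactly '..' or '...'."""
    return not any(seg in ("..", "...") for seg in url_path.split("/"))


def resolve_strict(url_path: str, root: str = WEB_ROOT) -> Optional[str]:
    """Map a request path to a file under root, or return None to refuse it."""
    decoded = unquote(url_path)  # check the form the file layer will see
    if "\x00" in decoded:
        return None
    kept = []
    # Fold backslashes into '/' before splitting, so '\..' cannot hide in a segment.
    for seg in decoded.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        if set(seg) == {"."}:  # '..', '...' and longer dot-only names
            return None
        kept.append(seg)
    candidate = posixpath.normpath(posixpath.join(root, *kept))
    # Containment is tested on the final canonical path, not on the raw request.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


# Constructed request paths for the demonstration.
SAMPLES = ["/index.html", "/docs/./a.html", "/../x", "/\\../x", "/\\.../x"]


def audit(paths=SAMPLES):
    """Return (path, naive verdict, strict result) for each sample."""
    return [(p, naive_is_safe(p), resolve_strict(p)) for p in paths]


if __name__ == "__main__":
    for path, naive_ok, strict in audit():
        print(f"{path!r:18} naive_ok={naive_ok!s:5} strict={strict}")
```

    The two backslash samples pass the naive check but are refused by
    the strict resolver, which is the gap a request filter needs to
    close before the path reaches the file layer.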
