Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Servers :: web5484.htm

Resin Server path disclosure using sample scripts
26th Jun 2002 [SBWID-5484]

	Resin path disclosure using sample scripts


	Resin 2.0.5 - 2.1.2


	Original  Guru   []   found   following
	regarding Resin [] :

	While working with Resin, I found that it is possible  to  disclose  the
	physical path to the webroot. An attacker may use  this  information  in
	order to gain unauthorized access to the webserver.

	By making a request for:





	Will result in:

	Hello, world! The source of this servlet is in:


	C:\\Documents and Settings\\Administrator\\Desktop\\share\\resin-2.1.1\\doc\\examples\\basic\\WEB-INF\\classes\\





	Remove the /examples directory.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH