Resin MS-DOS Device Request Path Disclosure

medium Nessus Plugin ID 11048

Synopsis

It is possible to disclose information about the remote host.

Description

Resin reveals the physical path of the webroot when a request asks for a special DOS device name, e.g. lpt9.xtp.

An attacker may use this flaw to gain further knowledge about the remote filesystem layout.

Solution

Upgrade to a later software version.

Plugin Details

Severity: Medium

ID: 11048

File Name: resin_path_disclosure.nasl

Version: 1.40

Type: remote

Family: Web Servers

Published: 7/17/2002

Updated: 6/5/2024

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:caucho_technology:resin

Required KB Items: www/resin

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 7/17/2002

Reference Information

CVE: CVE-2002-2090

BID: 5252