Description
The viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code for file under the web root via the file parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Joseph Pierini · textwebappsjava
https://www.exploit-db.com/exploits/27888
References (5)
Core 5
Core References
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/908
Exploit mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/434145
Third Party Advisory mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0384.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1831
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/18007
Scores
EPSS
0.0513
EPSS Percentile
89.9%
Details
Status
published
Products (2)
caucho_technology/resin
3.0.17
caucho_technology/resin
3.0.18
Published
May 17, 2006
Tracked Since
Feb 18, 2026