CVE-2006-2437

Caucho Resin <3.0.18 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2437. PoCs published by Joseph Pierini.

AI-analyzed exploit summary The provided text describes an information disclosure vulnerability in Resin due to improper input sanitization, allowing attackers to retrieve arbitrary files. It includes example URLs demonstrating the exploit but lacks executable code.

Description

The viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code for file under the web root via the file parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Joseph Pierini · textwebappsjava
https://www.exploit-db.com/exploits/27888

The provided text describes an information disclosure vulnerability in Resin due to improper input sanitization, allowing attackers to retrieve arbitrary files. It includes example URLs demonstrating the exploit but lacks executable code.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Resin (version not specified)
No auth needed
Prerequisites: Access to the vulnerable Resin application
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/908
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/434145
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0384.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1831
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/18007

Scores

EPSS 0.0663
EPSS Percentile 93.1%

Details

Status published
Products (2)
caucho_technology/resin 3.0.17
caucho_technology/resin 3.0.18
Published May 17, 2006
Tracked Since Feb 18, 2026