CVE-2007-2440

Caucho Resin <3.1.0 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2440. PoCs published by Derek Abdine.

AI-analyzed exploit summary: The provided text describes an information disclosure vulnerability in Caucho Resin 3.1.0 on Windows, where improper sanitization allows access to sensitive files via path traversal. The example URL demonstrates accessing the WEB-INF directory, which may contain configuration files or other sensitive data.

Description

Directory traversal vulnerability in Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to read certain files via a .. (dot dot) in a URI containing a "\web-inf" sequence.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Derek Abdine · text · remote · windows
https://www.exploit-db.com/exploits/30038

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Caucho Resin 3.1.0 (Windows)
Authentication: No auth needed
Prerequisites: Target running Caucho Resin 3.1.0 on Windows · Network access to the target server
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018061
Patch, Vendor Advisory x_refsource_misc
http://www.rapid7.com/advisories/R7-0029.jsp
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34296
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25286
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1824
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/36058
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23985
Various Sources x_refsource_confirm
http://www.caucho.com/resin-3.1/changes/changes.xtp

Scores

EPSS 0.0364
EPSS Percentile 88.1%

Details

Status published
Products (1)
caucho_technology/resin < 3.1.0 (2 CPE variants)
Published May 16, 2007
Tracked Since Feb 18, 2026