Description
Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to obtain the system path via certain URLs associated with (1) deploying web applications or (2) displaying .xtp files.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Derek Abdine · textremotewindows
https://www.exploit-db.com/exploits/30037
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34293
Patch vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1018061
Patch x_refsource_misc
http://www.rapid7.com/advisories/R7-0030.jsp
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25286
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1824
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/23985
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/36057
Patch x_refsource_confirm
http://www.caucho.com/resin-3.1/changes/changes.xtp
Scores
EPSS
0.0992
EPSS Percentile
93.0%
Details
Status
published
Products (1)
caucho_technology/resin
< 3.1.0 (2 CPE variants)
Published
May 16, 2007
Tracked Since
Feb 18, 2026