CVE-2006-1953
CVSS7.8
Published: 2006-05-17 06:06:00
Revised: 2011-03-07 21:34:36

[Original] Directory traversal vulnerability in Caucho Resin 3.0.17 and 3.0.18 for Windows allows remote attackers to read arbitrary files via a "C:%5C" (encoded drive letter) in a URL.


[CNNVD] Caucho Resin User Request Directory Traversal Vulnerability (CNNVD-200605-318)

        Resin is a web server developed by Caucho Technology that can run on Microsoft Windows.
        Resin ships with its own standalone web server, which listens on port 8080 by default. Its handling of user requests is flawed, and a remote attacker can exploit this to traverse the server's directories.
        Any user can request a URL of the form:
        http://victim:8080/C:%5C/
        to access the root of the C: drive and any file beneath it. The attacker can also specify any other drive letter.

- CVSS (base score)

CVSS score: 7.8 [HIGH]
Confidentiality impact: COMPLETE [total information disclosure; all system files are exposed]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Access complexity: LOW [no access restrictions on exploitation]
Access vector: [--]
Authentication: NONE [no authentication required for exploitation]

- CPE (affected platforms and products)

cpe:/a:caucho_technology:resin:3.0.18::windows
cpe:/a:caucho_technology:resin:3.0.17::windows

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1953
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1953
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200605-318
(official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/18005
(PATCH)  BID  18005
http://www.securityfocus.com/archive/1/archive/1/434150/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20060516 Caucho Resin Windows Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2006/1831
(UNKNOWN)  VUPEN  ADV-2006-1831
http://xforce.iss.net/xforce/xfdb/26478
(UNKNOWN)  XF  resin-webserver-directory-traversal(26478)
http://www.rapid7.com/advisories/R7-0024.html
(UNKNOWN)  MISC  http://www.rapid7.com/advisories/R7-0024.html
http://www.osvdb.org/25570
(UNKNOWN)  OSVDB  25570
http://securitytracker.com/id?1016109
(UNKNOWN)  SECTRACK  1016109
http://securityreason.com/securityalert/904
(UNKNOWN)  SREASON  904
http://secunia.com/advisories/20125
(UNKNOWN)  SECUNIA  20125
http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0026.html
(UNKNOWN)  VULNWATCH  20060516 Caucho Resin Windows Directory Traversal Vulnerability

- Vulnerability information

Caucho Resin User Request Directory Traversal Vulnerability
High  Path traversal
2006-05-17 00:00:00 2006-05-17 00:00:00
Remote

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. Patch download link:
        http://www.caucho.com/index.xtp

- Vulnerability information (F46471)

Rapid7 Security Advisory 24 (PacketStormID:F46471)
2006-05-22 00:00:00
Rapid7  rapid7.com
exploit,remote,web
windows
CVE-2006-1953

Rapid7 Security Advisory - The Caucho Resin web application server for Windows contains a directory traversal vulnerability that allows remote unauthenticated users to download any file from the system. It is possible to download files from any drive on the system. Versions 3.0.18 and 3.0.17 for Windows are vulnerable.

_______________________________________________________________________
                        Rapid7 Security Advisory
            Visit http://www.rapid7.com/ to download NeXpose,
        SC Magazine Winner of Best Vulnerability Management product.
_______________________________________________________________________

Rapid7 Advisory R7-0024
Caucho Resin Windows Directory Traversal Vulnerability

   Published:  May 16, 2006
   Revision:   1.0
   http://www.rapid7.com/advisories/R7-0024.html

   CVE:    CVE-2006-1953

1. Affected system(s):

   KNOWN VULNERABLE:
    o Caucho Resin v3.0.18 for Windows
    o Caucho Resin v3.0.17 for Windows

   NOT VULNERABLE:
    o Caucho Resin v3.0.19
    o Caucho Resin v3.0.16 and earlier

2. Summary

   The Caucho Resin web application server for Windows contains a
   directory traversal vulnerability that allows remote
   unauthenticated users to download any file from the system. It is
   possible to download files from any drive on the system.

   Rapid7 have updated NeXpose to check for this vulnerability. Licensed
   customers will receive the new vulnerability checks automatically.
   Visit http://www.rapid7.com to register for a free demo of NeXpose.

3. Vendor status and information

   Caucho Technology, Inc.
   http://www.caucho.com/

   Caucho was notified of this vulnerability on April 20th, 2006.
   They fixed this vulnerability in the latest unofficial snapshot
   of Resin 3.0.19, available from Caucho's website.

4. Solution

   Upgrade to the latest snapshot version of Resin, version 3.0.19.

5. Detailed analysis

   Caucho Resin is a servlet and JSP server. Resin ships with its own
   standalone web server which runs by default on port 8080. Any remote
   user can request URLs of the form:

      http://victim:8080/C:%5C/

   to access the root of the C: drive (and any files below it). Any
   drive letter can be specified.  Only Resin on Windows is vulnerable.

   This vulnerability appears to have been introduced in Resin
   version 3.0.17, although this has not been confirmed by the vendor.

6. Contact Information

   Rapid7 Security Advisories
   Email:  advisory@rapid7.com
   Web:    http://www.rapid7.com/
   Phone:  +1 (617) 603-0700

7. Disclaimer and Copyright

   Rapid7, LLC is not responsible for the misuse of the information
   provided in our security advisories.  These advisories are a service
   to the professional security community.  There are NO WARRANTIES
   with regard to this information.  Any application or distribution of
   this information constitutes acceptance AS IS, at the user's own
   risk.  This information is subject to change without notice.

   This advisory Copyright (C) 2006 Rapid7, LLC.  Permission is
   hereby granted to redistribute this advisory, providing that no
   changes are made and that the copyright notices and disclaimers
   remain intact.
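A defender-side check for the request pattern described in the Rapid7 analysis above (and in the CNNVD and OSVDB descriptions), added here as an example that is not part of the Rapid7 advisory or of Resin itself: it percent-decodes each request path from constructed sample access-log lines and flags any path that resolves to a Windows drive reference such as `C:\`. It goes beyond the single `C:%5C` form on the page by also catching double-encoded variants; the log format, IP addresses and timestamps are constructed.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in Common Log Format; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [16/May/2006:10:01:02 +0000] "GET /index.jsp HTTP/1.1" 200 512
10.0.0.9 - - [16/May/2006:10:01:07 +0000] "GET /C:%5C/ HTTP/1.1" 200 2048
10.0.0.9 - - [16/May/2006:10:01:09 +0000] "GET /d%3a%5cboot.ini HTTP/1.1" 200 312
10.0.0.7 - - [16/May/2006:10:02:00 +0000] "GET /docs/C%3A%255C/ HTTP/1.1" 404 0
"""

# Request line inside the quotes: method, target, protocol.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A drive letter followed by ':' and a slash or backslash, at the start of
# the path or right after a path separator (C:\, d:/, /C:\ ...).
DRIVE_RE = re.compile(r'(?:^|[/\\])[A-Za-z]:[/\\]')

def decode_path(target):
    """Percent-decode the path part repeatedly (bounded) so a double-encoded
    sequence such as %255C does not slip past the check."""
    path = target.split('?', 1)[0]
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def is_drive_traversal(target):
    """True if the decoded request target contains a Windows drive
    reference anywhere in its path; usable as a request-filter predicate."""
    return DRIVE_RE.search(decode_path(target)) is not None

def scan_log(text):
    """Return (client_ip, decoded_path, http_status) for each flagged request."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        if is_drive_traversal(m.group('target')):
            ip = line.split(' ', 1)[0]
            status = line[m.end():].split()[0]
            hits.append((ip, decode_path(m.group('target')), status))
    return hits

if __name__ == '__main__':
    for ip, path, status in scan_log(SAMPLE_LOG):
        print(f"{ip} requested {path!r} -> HTTP {status}")
```

A 200 response on a flagged path is the strongest signal, since the unpatched versions serve the file; a 404 on the same pattern still indicates probing worth correlating by source address.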


- Vulnerability information

25570
Caucho Resin Encoded URI Traversal Arbitrary File Access
Remote / Network Access Input Manipulation
Loss of Confidentiality
Exploit Public

- Vulnerability description

Caucho Resin contains a flaw that allows a remote attacker to disclose the content of arbitrary files outside of the web path. The issue is due to an input validation error when processing specially crafted HTTP requests containing the "%5C" sequence.

- Timeline

2006-05-16 Unknown
2006-05-16 Unknown

- Solution

Upgrade to version 3.0.19 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- References

- Vulnerability author

- Vulnerability information

Caucho Resin Remote Directory Traversal Vulnerability
Input Validation Error 18005
Yes No
2006-05-16 12:00:00 2006-05-17 07:49:00
This issue was reported by the Rapid7 Security Team.

- Affected program versions

Caucho Technology Resin 3.0.18
Caucho Technology Resin 3.0.17
Caucho Technology Resin 3.0.19
Caucho Technology Resin 3.0.16
Caucho Technology Resin 2.1.12
Caucho Technology Resin 2.1.2
Caucho Technology Resin 2.1.1

- Unaffected program versions

Caucho Technology Resin 3.0.19
Caucho Technology Resin 3.0.16
Caucho Technology Resin 2.1.12
Caucho Technology Resin 2.1.2
Caucho Technology Resin 2.1.1

- Vulnerability discussion

Caucho Resin is prone to a remote directory-traversal vulnerability that may allow attackers to gain access to any file on an affected Caucho Resin server.

Attackers may exploit this vulnerability to be able to access potentially sensitive information.

Caucho Resin versions v3.0.17 and v3.0.18 are vulnerable to this issue. Versions prior to v3.0.17 are not vulnerable.

- Exploitation

This issue can be exploited through a web client.

- Solution

The vendor has released version 3.0.19 to address this issue. Please see the reference section for more information.


Caucho Technology Resin 3.0.17

Caucho Technology Resin 3.0.18

- References

