mirror of https://github.com/qwqdanchun/Goby.git
{
"Name": "Caucho Resin 4.0.52 4.0.56 Directory Traversal",
"Description": "<p>Resin is Caucho's web server and Java application server.</p><p>Resin server versions 4.0.52 to 4.0.56 have a directory traversal vulnerability. Attackers can use the ';' character to read web configuration files, which can then be used to take over the system.</p>",
"Product": "Caucho Resin",
"Homepage": "https://caucho.com",
"DisclosureDate": "2021-11-01",
"Author": "1291904552@qq.com",
"FofaQuery": "banner=\"Resin/4.0.52\"|| header=\"Resin/4.0.52\"||banner=\"Resin/4.0.53\"|| header=\"Resin/4.0.53\"||banner=\"Resin/4.0.54\"|| header=\"Resin/4.0.54\"||banner=\"Resin/4.0.55\"|| header=\"Resin/4.0.55\"||banner=\"Resin/4.0.56\"|| header=\"Resin/4.0.56\"",
"GobyQuery": "banner=\"Resin/4.0.52\"|| header=\"Resin/4.0.52\"||banner=\"Resin/4.0.53\"|| header=\"Resin/4.0.53\"||banner=\"Resin/4.0.54\"|| header=\"Resin/4.0.54\"||banner=\"Resin/4.0.55\"|| header=\"Resin/4.0.55\"||banner=\"Resin/4.0.56\"|| header=\"Resin/4.0.56\"",
"Level": "2",
"Impact": "<p>Resin server versions 4.0.52 to 4.0.56 have a directory traversal vulnerability. Attackers can use the ';' character to read web configuration files, which can then be used to take over the system.</p>",
"Recommendation": "<p>The vendor has released a bug fix; please check for and apply the update promptly: <a href=\"https://caucho.com\">https://caucho.com</a></p><p>1. Use security devices such as firewalls to set access policies and whitelist access.</p><p>2. If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "Caucho Resin 服务器 4.0.52 4.0.56 版本目录遍历漏洞",
"VulType": ["目录遍历"],
"Tags": ["目录遍历"],
"Description": "<p>Resin是Caucho的Web服务器和Java应用程序服务器。</p><p>Resin服务器4.0.52至4.0.56版本存在目录遍历漏洞。攻击者可利用;来读取web配置文件进一步接管系统。</p>",
"Impact": "<p>Resin服务器4.0.52至4.0.56版本存在目录遍历漏洞。攻击者可利用;来读取web配置文件进一步接管系统。</p>",
"Product": "Caucho Resin",
"Recommendation": "<p>厂商已发布了漏洞修复程序,请及时关注更新: <a href=\"https://caucho.com\">https://caucho.com</a></p><p>1、通过防火墙等安全设备设置访问策略,设置白名单访问。</p><p>2、如非必要,禁止公网访问该系统。</p>"
},
"EN": {
"Name": "Caucho Resin 4.0.52 4.0.56 Directory Traversal",
"VulType": ["dir-traversal"],
"Tags": ["dir-traversal"],
"Description": "<p>Resin is Caucho's web server and Java application server.</p><p>Resin server versions 4.0.52 to 4.0.56 have a directory traversal vulnerability. Attackers can use the ';' character to read web configuration files, which can then be used to take over the system.</p>",
"Impact": "<p>Resin server versions 4.0.52 to 4.0.56 have a directory traversal vulnerability. Attackers can use the ';' character to read web configuration files, which can then be used to take over the system.</p>",
"Product": "Caucho Resin",
"Recommendation": "<p>The vendor has released a bug fix; please check for and apply the update promptly: <a href=\"https://caucho.com\">https://caucho.com</a></p><p>1. Use security devices such as firewalls to set access policies and whitelist access.</p><p>2. If not necessary, prohibit public network access to the system.</p>"
}
},
"References": [
"https://fofa.so"
],
"HasExp": true,
"ExpParams": [
{
"name": "filepath",
"type": "input",
"value": "/WEB-INF/resin-web.xml"
}
],
"ExpTips": null,
"ScanSteps": null,
"Tags": [
"dir-traversal"
],
"VulType": [
"dir-traversal"
],
"CVEIDs": [
""
],
"CVSSScore": "6.5",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": ["Caucho Resin"],
"System": null,
"Hardware": null
},
"CNNVD": [
""
],
"CNVD": [
""
]
}