Goby/json/Caucho-Resin-4.0.52-4.0.56-...

{
"Name": "Caucho Resin 4.0.52 4.0.56 Directory Traversal",
"Description": "<p>Resin is Caucho's web server and Java application server.</p><p>Resin server versions 4.0.52 to 4.0.56 have a directory traversal vulnerability. Attackers can use the ';' character to read web configuration files and further take over the system.</p>",
"Product": "Caucho Resin",
"Homepage": "https://caucho.com",
"DisclosureDate": "2021-11-01",
"Author": "1291904552@qq.com",
"FofaQuery": "banner=\"Resin/4.0.52\"|| header=\"Resin/4.0.52\"||banner=\"Resin/4.0.53\"|| header=\"Resin/4.0.53\"||banner=\"Resin/4.0.54\"|| header=\"Resin/4.0.54\"||banner=\"Resin/4.0.55\"|| header=\"Resin/4.0.55\"||banner=\"Resin/4.0.56\"|| header=\"Resin/4.0.56\"",
"GobyQuery": "banner=\"Resin/4.0.52\"|| header=\"Resin/4.0.52\"||banner=\"Resin/4.0.53\"|| header=\"Resin/4.0.53\"||banner=\"Resin/4.0.54\"|| header=\"Resin/4.0.54\"||banner=\"Resin/4.0.55\"|| header=\"Resin/4.0.55\"||banner=\"Resin/4.0.56\"|| header=\"Resin/4.0.56\"",
"Level": "2",
"Impact": "<p>Resin server versions 4.0.52 to 4.0.56 have a directory traversal vulnerability. Attackers can use the ';' character to read web configuration files and further take over the system.</p>",
"Recommendation": "<p>The vendor has released a bug fix. Please check for the update promptly: <a href=\"https://caucho.com\">https://caucho.com</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "Caucho Resin 服务器 4.0.52 4.0.56 版本目录遍历漏洞",
"VulType": ["目录遍历"],
"Tags": ["目录遍历"],
"Description": "<p>Resin是Caucho的Web服务器和Java应用程序服务器。</p><p>Resin服务器4.0.52至4.0.56版本存在目录遍历漏洞。攻击者可利用;来读取web配置文件进一步接管系统。</p>",
"Impact": "<p>Resin服务器4.0.52至4.0.56版本存在目录遍历漏洞。攻击者可利用;来读取web配置文件进一步接管系统。</p>",
"Product": "Caucho Resin",
"Recommendation": "<p>⼚商已发布了漏洞修复程序,请及时关注更新: <a href=\"https://caucho.com\">https://caucho.com</a></p><p>1、通过防⽕墙等安全设备设置访问策略设置⽩名单访问。</p><p>2、如⾮必要禁⽌公⽹访问该系统。</p>"
},
"EN": {
"Name": "Caucho Resin 4.0.52 4.0.56 Directory Traversal",
"VulType": ["dir-traversal"],
"Tags": ["dir-traversal"],
"Description": "<p>Resin is Caucho's web server and Java application server.</p><p>Resin server versions 4.0.52 to 4.0.56 have a directory traversal vulnerability. Attackers can use the ';' character to read web configuration files and further take over the system.</p>",
"Impact": "<p>Resin server versions 4.0.52 to 4.0.56 have a directory traversal vulnerability. Attackers can use the ';' character to read web configuration files and further take over the system.</p>",
"Product": "Caucho Resin",
"Recommendation": "<p>The vendor has released a bug fix. Please check for the update promptly: <a href=\"https://caucho.com\">https://caucho.com</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>"
}
},
"References": [
"https://fofa.so"
],
"HasExp": true,
"ExpParams": [
{
"name": "filepath",
"type": "input",
"value": "/WEB-INF/resin-web.xml"
}
],
"ExpTips": null,
"ScanSteps": null,
"Tags": [
"dir-traversal"
],
"VulType": [
"dir-traversal"
],
"CVEIDs": [
""
],
"CVSSScore": "6.5",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": ["Caucho Resin"],
"System": null,
"Hardware": null
},
"CNNVD": [
""
],
"CNVD": [
""
]
}