Security for everyone

CVE-2021-44138 Scanner

Detects 'Directory traversal' vulnerability in Caucho Resin affects v. >= 4.0.52 <= 4.0.56

SCAN NOW

Short Info


Level

High

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Parent Category

CVE-2021-44138 Scanner Detail

Caucho Resin is a high-performance application server used for web applications and API services. It is deployed by organizations worldwide to host critical Java applications, offering features like load balancing, clustering, and a lightweight web server. Resin supports a wide range of web technologies, making it a versatile platform for developers. It's designed for high traffic websites requiring reliable, fast, and scalable web infrastructure. The affected versions of Resin are widely used, making this vulnerability a significant security concern.

The vulnerability is present in versions 4.0.52 to 4.0.56 of Caucho Resin, where the server fails to properly sanitize file paths included in HTTP requests. Specifically, an attacker can include a semicolon (;) followed by a path traversal sequence (/../) to navigate to restricted directories. This flaw enables unauthorized file access, allowing the attacker to view files like web.xml and resin-web.xml, which should not be accessible from the web.

Exploiting this vulnerability could lead to the exposure of sensitive information stored on the server, including configuration details, credentials, and proprietary data. This information leakage can facilitate further attacks, such as server compromise, data manipulation, or elevation of privileges. In a worst-case scenario, it could lead to a full system compromise.

By leveraging the security scanning capabilities of the securityforeveryone platform, users can identify and address vulnerabilities like the Directory Traversal flaw in Caucho Resin. Our platform offers detailed vulnerability assessments, actionable remediation guidance, and continuous monitoring to protect your digital assets from emerging threats. Joining securityforeveryone not only enhances your security posture but also provides peace of mind through comprehensive cyber threat management.

 

References

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture