VYPR

Resin

by Caucho Technology

CVEs (27)

  • CVE-2004-0280Nov 23, 2004
    risk 0.00cvss epss 0.02

    Caucho Technology Resin 2.1.12 allows remote attackers to view JSP source via an HTTP request to a .jsp file that ends in a "%20" (encoded space character), e.g. index.jsp%20.

  • CVE-2002-2090Dec 31, 2002
    risk 0.00cvss epss 0.02

    Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp.

  • CVE-2002-1988Dec 31, 2002
    risk 0.00cvss epss 0.02

    Resin 2.1.1 allows remote attackers to cause a denial of service (memory consumption and hang) via a URL with long variables for non-existent resources.

  • CVE-2002-1990Dec 31, 2002
    risk 0.00cvss epss 0.02

    Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical path information via a URL request for the example Java class file HelloServlet.

  • CVE-2002-1989Dec 31, 2002
    risk 0.00cvss epss 0.01

    Resin 2.1.1 allows remote attackers to cause a denial of service (thread and connection consumption) via multiple URL requests containing the DOS 'CON' device name and a registered file extension such as .jsp or .xtp.

  • CVE-2002-1987Dec 31, 2002
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 allows remote attackers to read arbitrary files via a "\.." (backslash dot dot).

  • CVE-2001-0828Dec 6, 2001
    risk 0.00cvss epss 0.03

    A cross-site scripting vulnerability in Caucho Technology Resin before 1.2.4 allows a malicious webmaster to embed Javascript in a hyperlink that ends in a .jsp extension, which causes an error message that does not properly quote the Javascript.

Page 2 of 2