Resin
CVEs (27)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-0280 | 0.00 | — | 0.02 | Nov 23, 2004 | Caucho Technology Resin 2.1.12 allows remote attackers to view JSP source via an HTTP request to a .jsp file that ends in a "%20" (encoded space character), e.g. index.jsp%20. | |||
| CVE-2002-2090 | 0.00 | — | 0.02 | Dec 31, 2002 | Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp. | |||
| CVE-2002-1988 | 0.00 | — | 0.02 | Dec 31, 2002 | Resin 2.1.1 allows remote attackers to cause a denial of service (memory consumption and hang) via a URL with long variables for non-existent resources. | |||
| CVE-2002-1990 | 0.00 | — | 0.02 | Dec 31, 2002 | Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical path information via a URL request for the example Java class file HelloServlet. | |||
| CVE-2002-1989 | 0.00 | — | 0.01 | Dec 31, 2002 | Resin 2.1.1 allows remote attackers to cause a denial of service (thread and connection consumption) via multiple URL requests containing the DOS 'CON' device name and a registered file extension such as .jsp or .xtp. | |||
| CVE-2002-1987 | 0.00 | — | 0.03 | Dec 31, 2002 | Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 allows remote attackers to read arbitrary files via a "\.." (backslash dot dot). | |||
| CVE-2001-0828 | 0.00 | — | 0.03 | Dec 6, 2001 | A cross-site scripting vulnerability in Caucho Technology Resin before 1.2.4 allows a malicious webmaster to embed Javascript in a hyperlink that ends in a .jsp extension, which causes an error message that does not properly quote the Javascript. |
- CVE-2004-0280Nov 23, 2004risk 0.00cvss —epss 0.02
Caucho Technology Resin 2.1.12 allows remote attackers to view JSP source via an HTTP request to a .jsp file that ends in a "%20" (encoded space character), e.g. index.jsp%20.
- CVE-2002-2090Dec 31, 2002risk 0.00cvss —epss 0.02
Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp.
- CVE-2002-1988Dec 31, 2002risk 0.00cvss —epss 0.02
Resin 2.1.1 allows remote attackers to cause a denial of service (memory consumption and hang) via a URL with long variables for non-existent resources.
- CVE-2002-1990Dec 31, 2002risk 0.00cvss —epss 0.02
Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical path information via a URL request for the example Java class file HelloServlet.
- CVE-2002-1989Dec 31, 2002risk 0.00cvss —epss 0.01
Resin 2.1.1 allows remote attackers to cause a denial of service (thread and connection consumption) via multiple URL requests containing the DOS 'CON' device name and a registered file extension such as .jsp or .xtp.
- CVE-2002-1987Dec 31, 2002risk 0.00cvss —epss 0.03
Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 allows remote attackers to read arbitrary files via a "\.." (backslash dot dot).
- CVE-2001-0828Dec 6, 2001risk 0.00cvss —epss 0.03
A cross-site scripting vulnerability in Caucho Technology Resin before 1.2.4 allows a malicious webmaster to embed Javascript in a hyperlink that ends in a .jsp extension, which causes an error message that does not properly quote the Javascript.
Page 2 of 2