Caucho Technology Resin Viewfile 'file' Parameter Cross Site Scripting Vulnerability

Bugtraq ID: 29948
Class: Input Validation Error
CVE: CVE-2008-2462
Remote: Yes
Local: No
Published: Jun 25 2008 12:00AM
Updated: Jun 27 2008 12:11AM
Credit: Tomasz Kuczynski
Vulnerable: Caucho Technology Resin 3.1.1
Caucho Technology Resin 3.1
Caucho Technology Resin 3.0.19
Caucho Technology Resin 3.0.18
Caucho Technology Resin 3.0.17
Caucho Technology Resin 3.0.16
Caucho Technology Resin 2.1.12
Caucho Technology Resin 2.1.2
Caucho Technology Resin 2.1.1
Caucho Technology Resin 2.1 .s020711
Caucho Technology Resin 2.0 b2
- Apache Software Foundation Apache 1.3.9
- Microsoft IIS 5.0
Caucho Technology Resin 2.0
Caucho Technology Resin 1.3
- Apache Software Foundation Apache 1.3.9
- Microsoft IIS 5.0
Caucho Technology Resin 1.2.5
- Apache Software Foundation Apache 1.3.9
- Microsoft IIS 5.0
Caucho Technology Resin 1.2.3
- Apache Software Foundation Apache 1.3.9
- Microsoft Windows 2000 Professional
Caucho Technology Resin 1.2.2
Caucho Technology Resin 1.2
- Apache Software Foundation Apache 1.3.9
- Microsoft IIS 5.0
Caucho Technology Resin 1.1
Not Vulnerable: Caucho Technology Resin 3.1.4
Caucho Technology Resin 3.0.25


 

Privacy Statement
Copyright 2010, SecurityFocus