A vulnerability has been reported in Resin Server, deployed on a Microsoft Windows platform, that may allow remote attackers to view the contents of arbitrary files. The flaw is in how requests are checked for directory traversal: the 'view_source.jsp' script prevents directory traversal via '/../' sequences, but a request that uses '\..\' sequences instead will succeed. This may allow an attacker to request any file on the vulnerable system that is readable by the web server.
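The gap described above can be shown by placing a substring filter next to a containment check made on the normalized path. This is an added example, not code from Resin or from the advisory. The document root, function names and sample inputs are assumptions constructed for illustration, and Python's ntpath module stands in for Windows path handling.

```python
import ntpath  # Windows path semantics, independent of the host OS

# Hypothetical document root, chosen for this illustration only.
DOC_ROOT = r"C:\webroot\examples"


def naive_filter(requested: str) -> bool:
    """Model of a check that rejects only the forward-slash form."""
    return "/../" not in requested


def resolve_inside_root(requested: str, root: str = DOC_ROOT):
    """Return the normalized path if it stays below root, else None."""
    # normpath treats '/' and '\' alike and collapses '..' components,
    # so both separator styles are judged on the same normalized form.
    candidate = ntpath.normpath(ntpath.join(root, requested))
    prefix = ntpath.normcase(ntpath.normpath(root)) + "\\"
    if ntpath.normcase(candidate).startswith(prefix):
        return candidate
    return None


def audit(samples):
    """Compare both checks on each sample: (input, naive_ok, resolved)."""
    return [(s, naive_filter(s), resolve_inside_root(s)) for s in samples]


# Constructed sample inputs, not taken from any real request log.
SAMPLES = [
    "index.jsp",
    "sub/../index.jsp",
    "/../../secret.txt",
    r"\..\..\secret.txt",
    r"..\../secret.txt",
]

if __name__ == "__main__":
    for sample, naive_ok, resolved in audit(SAMPLES):
        print(f"{sample!r:24} naive={naive_ok!s:5} resolved={resolved}")
```

The substring filter accepts the backslash and mixed-separator inputs and rejects the harmless 'sub/../index.jsp', while the containment check decides each case on the resolved location. The check is purely lexical; it does not resolve links or alternate file names on disk.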