Summary: | www-servers/resin Multiple Information Disclosure Vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Lars Hartmann <lars> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | java |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/25286/ | ||
Whiteboard: | B4 [] | ||
Package list: | Runtime testing required: | --- |
Description
Lars Hartmann
2007-05-15 13:20:10 UTC
maintainers - please provide an updated ebuild http://[host]:8080/[path]/[device].[extension] -> DOS only http://[host]:8080/%20..\web-inf -> ends with 404 for me http://[host]:8080/%20 -> ends with 404 for me (tested with 3.0.22, which is mentioned in the advisory) And: "The vulnerabilities are reported in Caucho Resin 3.1.0 for Windows and Caucho Resin Professional 3.1.0 for Windows. Other versions may also be affected." So it's invalid IMHO. Thx for testing and reporting. I'll close this one as INVALID until proven otherwise. Just to be on the safe side: 3.0.23 and 3.1.1 are in the tree (3.1.0 removed, it was not a target for stable anyway). |