S4E

CVE-2021-44138 Scanner

Detects the directory traversal vulnerability in Caucho Resin, affecting versions 4.0.52 through 4.0.56 (inclusive).

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 2 days
Scan only one: Domain, IPv4
Toolbox: -

Caucho Resin is a high-performance application server used for web applications and API services. It is deployed by organizations worldwide to host critical Java applications, offering features such as load balancing, clustering, and a lightweight web server. Resin supports a wide range of web technologies, making it a versatile platform for developers, and is designed for high-traffic websites that require reliable, fast, and scalable web infrastructure. The affected versions of Resin are widely used, which makes this vulnerability a significant security concern.

The vulnerability is present in versions 4.0.52 to 4.0.56 of Caucho Resin, where the server fails to properly sanitize file paths included in HTTP requests. Specifically, a request path containing a semicolon (;) followed by a path traversal sequence (/../) can navigate into restricted directories. This flaw enables unauthorized file access, allowing an attacker to read files such as web.xml and resin-web.xml that should never be reachable from the web.
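For defenders who want to find this request shape in their own access logs, the following is an added detection example written for this page; it is not S4E's scanner code and not part of Caucho Resin. It assumes a Combined-Log-style access log (the sample lines below are constructed inline), flags request paths where a semicolon segment is followed by "/../" as the text describes, and reports the file the request would resolve to once ";param" path parameters are dropped. The resolution logic is a simple approximation used for triage, not a model of Resin's own path parser.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not from the original page). Lines 2-4
# follow the CVE-2021-44138 request shape: a ';' segment followed by '/../'
# leading to files under WEB-INF. Line 5 is plain '..' traversal with no ';'.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2022:10:00:01 +0000] "GET /index.jsp HTTP/1.1" 200 512
203.0.113.5 - - [10/Jan/2022:10:00:02 +0000] "GET /;/../WEB-INF/web.xml HTTP/1.1" 200 1480
203.0.113.5 - - [10/Jan/2022:10:00:03 +0000] "GET /app/;jsessionid=abc/../WEB-INF/resin-web.xml HTTP/1.1" 200 903
203.0.113.5 - - [10/Jan/2022:10:00:04 +0000] "GET /static/%3b/..%2fWEB-INF/web.xml HTTP/1.1" 404 0
203.0.113.5 - - [10/Jan/2022:10:00:05 +0000] "GET /docs/a/../b.html HTTP/1.1" 200 2048
"""

# Pulls method, request target and status out of a Combined-Log-style line.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# The shape described for CVE-2021-44138: a ';' inside one path segment,
# with a '/../' sequence immediately after that segment. Keeping the match
# within a single segment avoids flagging every ';jsessionid=' URL.
SEMI_TRAVERSAL_RE = re.compile(r';[^/]*/\.\./')


def decode_path(target: str) -> str:
    """Strip the query string and percent-decode the path twice, so that
    encoded ('%3b', '%2f') and double-encoded forms are compared as text."""
    path = target.split('?', 1)[0]
    for _ in range(2):
        path = unquote(path)
    return path


def resolve_target(path: str):
    """Drop ';param' suffixes from each segment and collapse '.' and '..'.

    Returns (resolved_path, escaped_root). escaped_root is True when a '..'
    tried to climb above '/', which is worth noting on its own.
    """
    stack = []
    escaped = False
    for seg in path.split('/'):
        seg = seg.split(';', 1)[0]  # ';jsessionid=...' and bare ';' become ''
        if seg in ('', '.'):
            continue
        if seg == '..':
            if stack:
                stack.pop()
            else:
                escaped = True
            continue
        stack.append(seg)
    return '/' + '/'.join(stack), escaped


def scan_log(lines):
    """Return one finding per request matching the semicolon-traversal shape."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        path = decode_path(m.group('target'))
        if not SEMI_TRAVERSAL_RE.search(path):
            continue
        resolved, escaped = resolve_target(path)
        findings.append({
            'line': lineno,
            'raw': m.group('target'),
            'resolved': resolved,
            'escaped_root': escaped,
            # A 200 here means the server actually served the protected file.
            'targets_web_inf': resolved.upper().startswith('/WEB-INF/'),
            'status': int(m.group('status')),
        })
    return findings


if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG.splitlines()):
        print(f"line {f['line']}: {f['raw']} -> {f['resolved']} "
              f"(status {f['status']}, WEB-INF={f['targets_web_inf']})")
```

Requests are flagged regardless of response status: a 404 on a patched host still records that someone probed for the flaw, while a 200 against WEB-INF on a host in the affected version range should be treated as a confirmed read of the configuration file.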

Exploiting this vulnerability could lead to the exposure of sensitive information stored on the server, including configuration details, credentials, and proprietary data. This information leakage can facilitate further attacks, such as server compromise, data manipulation, or elevation of privileges. In a worst-case scenario, it could lead to a full system compromise.

By leveraging the security scanning capabilities of the S4E platform, users can identify and address vulnerabilities like the Directory Traversal flaw in Caucho Resin. Our platform offers detailed vulnerability assessments, actionable remediation guidance, and continuous monitoring to protect your digital assets from emerging threats. Joining S4E not only enhances your security posture but also provides peace of mind through comprehensive cyber threat management.
