Summary
Resin will reveal the physical path of the webroot when asked for a special DOS device, e.g. lpt9.xtp
An attacker may use this flaw to gain further knowledge about the remote filesystem layout.
Solution
Upgrade to a later software version.
Severity
Classification
-
CVE CVE-2002-2090 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
- @Mail 'admin.php' Cross-Site Scripting Vulnerabilities
- Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
- appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
- 123 Flash Chat Multiple Security Vulnerabilities