Family: CGI abuses --> Category: attack
Resin viewfile Servlet File Disclosure Vulnerability Scan
Vulnerability Scan Summary
Tries to get the absolute installation path of Resin
Detailed Explanation for this Vulnerability Test
The remote web server is prone to arbitrary file access.
The remote host is running Resin, an application server.
The installation of Resin on the remote host includes a servlet, named
'viewfile', that lets an unauthenticated remote attacker view any file
within the web root directory on the affected host, which may lead to
a loss of confidentiality.
Remove the 'resin-doc.war' file and do not deploy using default
or upgrade to Resin 3.0.19 or later.
Low / CVSS Base Score : 2