CVE-2021-44138 - OpenCVE

There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Caucho	Resin

Configuration 1 [-]

cpe:2.3:a:caucho:resin:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/maybe-why-not/reponame/issues/2	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-04-04T12:03:05

Updated: 2022-04-04T12:03:05

Reserved: 2021-11-22T00:00:00

Link: CVE-2021-44138

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-04-04T13:15:07.590

Modified: 2022-04-11T18:40:46.887

Link: CVE-2021-44138

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:caucho:resin:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6A24BD4-5628-4A51-95B6-D219436A46EA", "versionEndIncluding": "4.0.56", "versionStartIncluding": "4.0.52", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de salto de directorio en Caucho Resin, distribuido en Resin versiones 4.0.52 - 4.0.56, que permite a atacantes remotos leer archivos en directorios arbitrarios por medio de un ; en un nombre de ruta dentro de una petici\u00f3n HTTP"}], "id": "CVE-2021-44138", "lastModified": "2022-04-11T18:40:46.887", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-04T13:15:07.590", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/maybe-why-not/reponame/issues/2"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}