Caucho Resin LFR

What is the "Caucho Resin LFR?"

The "Caucho Resin LFR" module is designed to detect a specific input verification vulnerability in the implementation of a CGI program in Resin. Resin is a Java-based application server that is commonly used to host web applications. This vulnerability allows remote attackers to read any files in the home directory of the web, including JSP source code or class files. The severity of this vulnerability is classified as high.

This module was authored by princechaddha.

Impact

If exploited, this vulnerability can lead to unauthorized access to sensitive files on the web server. This can potentially expose sensitive information, such as source code or configuration files, which can be used by attackers to gain further access or exploit other vulnerabilities in the system.

How the module works?

The "Caucho Resin LFR" module works by sending a specific HTTP request to the target server and then applying matching conditions to determine if the vulnerability is present. The module checks for the presence of a certain string in the response body of the HTTP request, which indicates the vulnerability.

Here is an example of an HTTP request sent by the module:

GET /resin-doc/viewfile/?file=index.jsp HTTP/1.1
Host: [target server]

The module then applies the following matching conditions:

- The HTTP response status code must be 200. - The response body must contain the following string: <%@ page session="false" import="com.caucho.vfs.*, com.caucho.server.webapp.*" %>

If both matching conditions are met, the module reports the presence of the vulnerability.

For more information, you can refer to the reference.