CVE-2021-44138
Published 2022-04-04
Priority: P2 (63, high) · CVSS 3.1 base score 7.5
Flags: EXPLOIT
EPSS: 14.12% (96.1th percentile)
There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| caucho | resin | 4.0.52 – 4.0.56 | — |
Detection & IOCs (extracted from sources)

Sigma rule fragment:

```yaml
detection:
  selection:
    http.uri|contains: ';'
  filter:
    http.uri|contains:
      - '.jsp'
      - '.jspx'
  # the filter only takes effect when it is referenced in the condition
  condition: selection and not filter
```

- Directory traversal is triggered by injecting a semicolon (;) into the URI path within an HTTP request to Caucho Resin. Monitor HTTP requests to Resin servers for URIs containing semicolons combined with path traversal sequences (e.g., ../).
- Successful exploitation responses return HTTP 200 with Content-Type of text/xml or application/xml. Correlate 200 responses containing XML content-types to traversal-pattern URIs on Resin servers.
- Affected versions are Resin 4.0.52 through 4.0.56. Prioritize detection on hosts running these specific Resin versions.
- The vulnerability affects only Resin versions 4.0.52 through 4.0.56. Detection rules should be scoped to these versions to reduce false positives.
- The Nuclei template uses an AND condition combining the semicolon-in-path check, XML content-type in response header, and HTTP 200 status. All three conditions must be met for a confirmed hit; tuning any single condition alone will increase the false positive rate.
CVSS provenance
- NVD v3.1: 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- NVD v2.0: 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
GHSA (2022-04-05): CVE-2021-44138 [HIGH] CWE-22 Path Traversal in Caucho Resin
OSV (2022-04-05): CVE-2021-44138 [HIGH] Path Traversal in Caucho Resin
No detection rules found.
Nuclei (CVSS 7.5): CVE-2021-44138 [HIGH] Caucho Resin >=4.0.52 <=4.0.56 - Directory traversal

Matchers section of the template:

```yaml
matchers-condition: and
matchers:
  - type: word
    part: header
    words:
      - "text/xml"
      - "application/xml"
    condition: or
  - type: status
    status:
      - 200
# digest: 4b0a00483046022100f3a1ebd8c026ed3f9a94b4d8df9f2eb928848508131df8358cd4d11c03d9a3ee0221008397b0f4d9df5ac78c911510466d816b8e124f8f6f96ef6b21093baff73f9e81:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.