CVE-2002-2090 — MEDIUM (5.0)

Vulnerability Description

Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Caucho Technology	Resin	2.1.1

References

http://seclists.org/bugtraq/2002/Jul/0186.htmlPatchVendor Advisory
http://www.securityfocus.com/bid/5252
http://seclists.org/bugtraq/2002/Jul/0186.htmlPatchVendor Advisory
http://www.securityfocus.com/bid/5252

FAQ

What is CVE-2002-2090?

CVE-2002-2090 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp.

How severe is CVE-2002-2090?

CVE-2002-2090 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2002-2090?

Check the references section above for vendor advisories and patch information. Affected products include: Caucho Technology Resin.