Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0280


Vulnerability Score 5.0 5.0
CVE Id CVE-2004-0280
Last Modified 05 Sep 2008 04:38:01
Published 23 Nov 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Caucho Technology Resin 2.1.12 allows remote attackers to view JSP source via an HTTP request to a .jsp file that ends in a "%20" (encoded space character), e.g. index.jsp%20.

Vulnerable Systems


  • Caucho Technology Resin 2.1.12


XF - resin-source-disclosure(15085)

BID - 9614

BUGTRAQ - 20040205 Apache Http Server Reveals Script Source Code to Remote Users And Any Users Can Access Resin Forbidden Directory ("/WEB-INF/")

Last Updated: 27 May 2016 10:38:32