Description
Caucho Resin 1.3b1 and earlier allows remote attackers to read source code for Javabean files by inserting a .jsp before the WEB-INF specifier in an HTTP request.
Affected products
- caucho_technology / resin1.2 – 1.2
- caucho_technology / resin1.3 – 1.3