CVE-2021-44138

7.5 HIGH

📋 TL;DR

CVE-2021-44138 is a directory traversal vulnerability in Caucho Resin web servers that allows attackers to read arbitrary files by using semicolons in HTTP request paths. This affects Resin versions 4.0.52 through 4.0.56. Attackers can potentially access sensitive configuration files, source code, or credentials stored on the server.

💻 Affected Systems

Products:
  • Caucho Resin
Versions: 4.0.52 - 4.0.56
Operating Systems: All platforms running Resin
Default Config Vulnerable: ⚠️ Yes
Notes: All Resin installations within the affected version range are vulnerable by default.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could read sensitive files like configuration files containing database credentials, private keys, or application source code, potentially leading to full system compromise.

🟠 Likely Case

Attackers can read arbitrary files accessible to the Resin process, potentially exposing sensitive application data or configuration information.

🟢 If Mitigated

With proper file system permissions and network segmentation, impact is limited to files accessible by the Resin process user.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only HTTP requests with crafted paths containing semicolons.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.0.57 and later

Vendor Advisory: https://caucho.com/products/resin/download

Restart Required: Yes

Instructions:

1. Download Resin 4.0.57 or later from the official website.
2. Stop the Resin service.
3. Replace the existing Resin installation with the patched version.
4. Restart the Resin service.

🔧 Temporary Workarounds

Input Validation Filter (platform: all)

Implement a servlet filter or web application firewall to reject HTTP requests containing semicolons in paths.

Restrict File System Access (platform: linux)

Run Resin with minimal file system permissions and use chroot/jail environments.

🧯 If You Can't Patch

  • Implement a web application firewall (WAF) with rules to block requests containing semicolons in paths.
  • Restrict network access to Resin servers using firewalls and only allow trusted sources.

🔍 How to Verify

Check if Vulnerable:

Check the Resin version using 'java -jar resin.jar -version' or examine the server startup logs. If the version is between 4.0.52 and 4.0.56 inclusive, the system is vulnerable.

Check Version:

java -jar resin.jar -version

Verify Fix Applied:

After patching, verify the version is 4.0.57 or later using the same command. Test with crafted requests containing semicolons to ensure they are rejected.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests with semicolons in URL paths
  • Access to unusual file paths in web logs
  • Multiple 404 or 403 errors for crafted paths

Network Indicators:

  • HTTP requests with ';' characters in paths
  • Patterns of file path traversal attempts

SIEM Query:

source="resin.log" AND (url="*;*" OR (status=404 AND url="*/../*"))
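The indicators listed above (a semicolon in the URL path, a '/../' traversal segment, repeated 403/404 responses) are the same conditions the Input Validation Filter workaround would check on an incoming request. The following is an added example, not code from this advisory or from Resin: it applies that path check to constructed Common Log Format access-log lines, decodes percent-encoded spellings first, and counts error responses per client. The log format, client addresses, paths and threshold are all assumptions made for the example.

```python
"""Path-indicator check and access-log scan for the indicators this advisory
names (';' in the URL path, '/../' traversal segments, repeated 403/404s).

Added example, not code from the advisory or from Resin. The log format is
Common Log Format; every sample line, client address and path below is
constructed for this example.
"""
import re
from collections import Counter
from urllib.parse import unquote

# Common Log Format: <client> <ident> <user> [<ts>] "<method> <url> <proto>" <status> <bytes>
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+)$'
)

# Matches a '..' path segment with either separator, applied after decoding.
TRAVERSAL_RE = re.compile(r'(^|[/\\])\.\.([/\\]|$)')


def path_indicators(url):
    """Return the advisory's indicators found in the path component of a URL.

    Only the path (before any '?') is inspected, because the indicators concern
    the path. It is percent-decoded twice so that '%3b' and double-encoded
    '%252e%252e' spellings are normalised before the checks run. This is the
    same test a request filter (the Input Validation Filter workaround) would
    apply to an incoming request path before passing it on.
    """
    path = url.split('?', 1)[0]
    decoded = unquote(unquote(path))
    found = []
    if ';' in decoded:
        found.append('semicolon')
    if TRAVERSAL_RE.search(decoded):
        found.append('traversal')
    return found


def scan_access_log(lines):
    """Return one dict per log line whose request path carries an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:  # skip blank or unparseable lines
            continue
        indicators = path_indicators(m['url'])
        if indicators:
            hits.append({
                'client': m['client'],
                'url': m['url'],
                'status': int(m['status']),
                'indicators': indicators,
            })
    return hits


def noisy_clients(hits, threshold=3):
    """Clients with at least `threshold` flagged requests that ended in 403 or
    404, i.e. the 'multiple 404 or 403 errors for crafted paths' indicator."""
    counts = Counter(h['client'] for h in hits if h['status'] in (403, 404))
    return {c: n for c, n in counts.items() if n >= threshold}


# Constructed sample log; addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Dec/2021:09:00:01 +0000] "GET /index.jsp HTTP/1.1" 200 5120
203.0.113.7 - - [10/Dec/2021:09:00:02 +0000] "GET /index.jsp;jsessionid=CONSTRUCTED HTTP/1.1" 200 5120
198.51.100.9 - - [10/Dec/2021:09:00:05 +0000] "GET /app/;/../conf/example.txt HTTP/1.1" 404 312
198.51.100.9 - - [10/Dec/2021:09:00:06 +0000] "GET /app/%3b/%2e%2e/conf/example.txt HTTP/1.1" 404 312
198.51.100.9 - - [10/Dec/2021:09:00:07 +0000] "GET /docs/..%2f..%2fconf/example.txt HTTP/1.1" 403 0
198.51.100.9 - - [10/Dec/2021:09:00:08 +0000] "GET /docs/%252e%252e/example.txt HTTP/1.1" 404 0
192.0.2.44 - - [10/Dec/2021:09:00:09 +0000] "GET /search?q=a;b HTTP/1.1" 200 900
"""

if __name__ == '__main__':
    hits = scan_access_log(SAMPLE_LOG.splitlines())
    for h in hits:
        print(h['client'], h['status'], ','.join(h['indicators']), h['url'])
    print('clients over threshold:', noisy_clients(hits))
```

The second sample line shows why a blanket semicolon rule needs tuning: servlet containers carry URL-rewritten session ids as ';jsessionid=' path parameters, so a filter that rejects every semicolon also breaks that feature, and detection on ';' alone is noisy for applications that use it. Correlating the semicolon hit with the traversal indicator or with the per-client 403/404 count, as noisy_clients does, keeps the alert focused on the pattern this advisory describes. The last sample line shows that a semicolon in the query string is not counted, since only the path is inspected.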
