Caucho Resin Multiple Cross-Site Scripting Vulnerabilities

Summary
The host is running Caucho Resin and is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to the latest version of Caucho Technology Resin Professional 4.0.7: http://www.caucho.com/download
Insight
The flaw is caused by improper validation of user-supplied input passed via the 'digest_username' and 'digest_realm' parameters in resin-admin/digest.php, which allows attackers to insert arbitrary HTML and script code.
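One way to look for requests that put HTML metacharacters into these two parameters, as an added example that is not part of the original advisory. It assumes combined-format access logs and that the parameters arrive in the query string (request bodies are not logged); the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

TARGET_PATH = "resin-admin/digest.php"           # script named in the advisory
PARAMS = ("digest_username", "digest_realm")     # parameters named in the advisory
HTML_META = re.compile(r"[<>\"']")               # characters needed to break into markup
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <), bounded to a few rounds."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return {param: decoded value} for digest.php parameters carrying HTML metacharacters."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return {}
    url = urlsplit(m.group(1))
    if not url.path.rstrip("/").endswith(TARGET_PATH):
        return {}
    hits = {}
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        if name not in PARAMS:
            continue
        for raw in values:
            value = fully_decode(raw)
            if HTML_META.search(value):
                hits[name] = value
    return hits

def scan(lines):
    """Return (line_number, hits) for every log line worth reviewing."""
    return [(n, h) for n, line in enumerate(lines, 1) if (h := suspicious_params(line))]

# Constructed sample log lines (documentation IP range, arbitrary timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2011:10:00:00 +0000] "GET /resin-admin/digest.php?digest_username=admin&digest_realm=resin HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2011:10:00:05 +0000] "GET /resin-admin/digest.php?digest_username=%3Cscript%3Ealert(1)%3C%2Fscript%3E&digest_realm=resin HTTP/1.1" 200 640',
    '192.0.2.12 - - [01/Jan/2011:10:00:09 +0000] "GET /resin-admin/digest.php?digest_username=a&digest_realm=%2522%253E%253Cb%253E HTTP/1.1" 200 600',
    '192.0.2.13 - - [01/Jan/2011:10:00:12 +0000] "GET /index.php?digest_username=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_LOG):
        print(lineno, hits)
```

A hit means the request is worth reviewing, not that script ran in a browser; whether the value was reflected unencoded depends on the Resin version serving the page.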
Affected
Caucho Technology Resin Professional 3.1.5, 3.1.10 and 4.0.6.