Vulnerability Description
Caucho Quercus, as distributed in Resin before 4.0.29, does not properly handle unspecified characters in the names of variables, which has unknown impact and remote attack vectors, related to an "HTTP Parameter Contamination" issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Caucho | Resin | <= 4.0.28 |
Related Weaknesses (CWE)
References
- http://caucho.com/resin-4.0/changes/changes.xtp
- http://en.securitylab.ru/lab/
- http://en.securitylab.ru/lab/PT-2012-05
- http://www.kb.cert.org/vuls/id/309979US Government Resource
- http://caucho.com/resin-4.0/changes/changes.xtp
- http://en.securitylab.ru/lab/
- http://en.securitylab.ru/lab/PT-2012-05
- http://www.kb.cert.org/vuls/id/309979US Government Resource
FAQ
What is CVE-2012-2965?
CVE-2012-2965 is a vulnerability with a CVSS score of 7.5 (HIGH). Caucho Quercus, as distributed in Resin before 4.0.29, does not properly handle unspecified characters in the names of variables, which has unknown impact and remote attack vectors, related to an "HTT...
How severe is CVE-2012-2965?
CVE-2012-2965 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2965?
Check the references section above for vendor advisories and patch information. Affected products include: Caucho Resin.