Resin
CVE-2012-2969
MEDIUM
Severity by source
AV:N/AC:L/Au:N/C:N/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:N/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP request.
AnalysisAI
Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-264. Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP request. Affected products include: Caucho Resin. Version information: before 4.0.29.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Caucho Quercus, as distributed in Resin before 4.0.29, does not properly implement the == (equals sign equals sign) oper
Caucho Quercus, as distributed in Resin before 4.0.29, overwrites entries in the SERVER superglobal array on the basis o
Caucho Quercus, as distributed in Resin before 4.0.29, does not properly handle unspecified characters in the names of v
The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote
Directory traversal vulnerability in Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to c
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today