Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP request.
No CVSS v3.1
No CVSS v3.0
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact Partial
AV:N/AC:L/Au:N/C:N/I:P/A:P
Vendors | Products |
---|---|
Caucho |
|
Configuration 1 [-]
|
References
Link | Resource |
---|---|
http://caucho.com/resin-4.0/changes/changes.xtp | |
http://en.securitylab.ru/lab/ | |
http://en.securitylab.ru/lab/PT-2012-05 | |
http://www.kb.cert.org/vuls/id/309979 | US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: certcc
Published: 2022-10-03T16:15:36
Updated: 2022-10-03T16:15:36
Reserved: 2022-10-03T00:00:00
Link: CVE-2012-2969
JSON object: View
NVD Information
Status : Analyzed
Published: 2012-08-12T16:55:01.293
Modified: 2012-09-04T04:00:00.000
Link: CVE-2012-2969
JSON object: View
Redhat Information
No data.
CWE