The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism.
References
Link | Resource |
---|---|
http://caucho.com/products/resin/download#download | Patch |
http://www.kb.cert.org/vuls/id/162308 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: certcc
Published: 2014-07-26T15:00:00
Updated: 2014-07-26T14:57:00
Reserved: 2014-04-21T00:00:00
Link: CVE-2014-2966
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-07-26T15:55:03.527
Modified: 2014-07-28T19:00:17.440
Link: CVE-2014-2966
JSON object: View
Redhat Information
No data.