Description
Caucho Quercus, as distributed in Resin before 4.0.29, does not properly handle unspecified characters in the names of variables, which has unknown impact and remote attack vectors, related to an "HTTP Parameter Contamination" issue.
References (4)
Core 4
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/309979
Various Sources x_refsource_misc
http://en.securitylab.ru/lab/
Various Sources x_refsource_misc
http://en.securitylab.ru/lab/PT-2012-05
Various Sources x_refsource_misc
http://caucho.com/resin-4.0/changes/changes.xtp
Scores
EPSS
0.0162
EPSS Percentile
73.2%
Details
CWE
CWE-20
Status
published
Products (50)
caucho/resin
2.0.0
caucho/resin
2.0.1
caucho/resin
2.0.2
caucho/resin
2.0.3
caucho/resin
2.0.4
caucho/resin
2.0.5
caucho/resin
2.1.0
caucho/resin
2.1.1
caucho/resin
2.1.2
caucho/resin
2.1.3
... and 40 more
Published
Aug 12, 2012
Tracked Since
Feb 18, 2026