CVE-2012-2965

Caucho Quercus <4.0.29 - Info Disclosure

Title source: llm
STIX 2.1

Description

Caucho Quercus, as distributed in Resin before 4.0.29, does not properly handle unspecified characters in the names of variables, which has unknown impact and remote attack vectors, related to an "HTTP Parameter Contamination" issue.

References (4)

Core 4
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/309979
Various Sources x_refsource_misc
http://en.securitylab.ru/lab/
Various Sources x_refsource_misc
http://en.securitylab.ru/lab/PT-2012-05
Various Sources x_refsource_misc
http://caucho.com/resin-4.0/changes/changes.xtp

Scores

EPSS 0.0162
EPSS Percentile 73.2%

Details

CWE
CWE-20
Status published
Products (50)
caucho/resin 2.0.0
caucho/resin 2.0.1
caucho/resin 2.0.2
caucho/resin 2.0.3
caucho/resin 2.0.4
caucho/resin 2.0.5
caucho/resin 2.1.0
caucho/resin 2.1.1
caucho/resin 2.1.2
caucho/resin 2.1.3
... and 40 more
Published Aug 12, 2012
Tracked Since Feb 18, 2026