CVE-2014-2966
Resin Pro < 4.0.40 - XSS Protection Bypass via ISO-8859-1 Unicode Transformation
Title source: llmDescription
The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/162308
Patch x_refsource_confirm
http://caucho.com/products/resin/download#download
Scores
EPSS
0.0167
EPSS Percentile
74.0%
Details
CWE
CWE-20
CWE-264
Status
published
Products (4)
caucho/resin
4.0.36
caucho/resin
4.0.37
caucho/resin
4.0.38
caucho/resin
< 4.0.39
Published
Jul 26, 2014
Tracked Since
Feb 18, 2026