CVE-2012-2966

EPSS 1.5%

Caucho Quercus, as distributed in Resin, overwrites entries in SERVER superglobal array on basis of POST parameters

Published: 5/17/2022Modified: 4/12/2025

Description

Caucho Quercus, as distributed in Resin before 4.0.29, overwrites entries in the SERVER superglobal array on the basis of POST parameters, which has unspecified impact and remote attack vectors.

Affected packages (1)

Maven/com.caucho:resinfrom 0, < 4.0.29

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2012-2966
WEBhttp://caucho.com/resin-4.0/changes/changes.xtp
WEBhttp://en.securitylab.ru/lab
WEBhttps://web.archive.org/web/20131210160901/http://en.securitylab.ru:80/lab/PT-2012-05
WEBhttp://www.kb.cert.org/vuls/id/309979