Description

Caucho Quercus, as distributed in Resin before 4.0.29, does not properly handle unspecified characters in the names of variables, which has unknown impact and remote attack vectors, related to an "HTTP Parameter Contamination" issue.

Remediation

References

CVE-2012-2965

Related Vulnerabilities

WordPress Plugin Import Export WordPress Users Security Bypass (1.3.8)

WordPress Plugin W3 Total Cache Arbitrary File Disclosure (0.9.3)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-4083)

PHP Integer Overflow or Wraparound Vulnerability (CVE-2016-5770)

WordPress Plugin GD Mail Queue Cross-Site Scripting (3.9.3)

Severity

High

Classification

CVE-2012-2965 CWE-20

Tags

Missing Update Known Vulnerabilities