Description

Caucho Quercus, as distributed in Resin before 4.0.29, does not properly handle unspecified characters in the names of variables, which has unknown impact and remote attack vectors, related to an "HTTP Parameter Contamination" issue.

Remediation

References

CVE-2012-2965

Related Vulnerabilities

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0129)

Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-10681)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-4721)

WordPress Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-14028)

Django Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-19844)

Severity

High

Classification

CVE-2012-2965 CWE-20

Tags

Missing Update Known Vulnerabilities