Description

Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP request.

Remediation

References

CVE-2012-2969

Related Vulnerabilities

MySQL CVE-2016-3588 Vulnerability (CVE-2016-3588)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Privilege Escalation (2.6.6)

Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-1000484)

Squid Missing Release of Resource after Effective Lifetime Vulnerability (CVE-2018-19132)

Nexus Repository Manager Incorrect Default Permissions Vulnerability (CVE-2019-9630)

Severity

Medium

Classification

CVE-2012-2969 CWE-264

Tags

Missing Update Known Vulnerabilities