CVE-2012-2969

EUVD-2012-2947
Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
Affected Products (NVD)
VendorProductVersion
cauchoresin
𝑥
≤ 4.0.28
cauchoresin
2.0.0
cauchoresin
2.0.1
cauchoresin
2.0.2
cauchoresin
2.0.3
cauchoresin
2.0.4
cauchoresin
2.0.5
cauchoresin
2.1.0
cauchoresin
2.1.1
cauchoresin
2.1.2
cauchoresin
2.1.3
cauchoresin
2.1.4
cauchoresin
2.1.5
cauchoresin
2.1.6
cauchoresin
2.1.7
cauchoresin
2.1.8
cauchoresin
2.1.9
cauchoresin
2.1.10
cauchoresin
2.1.11
cauchoresin
2.1.12
cauchoresin
2.1.13
cauchoresin
2.1.14
cauchoresin
2.1.15
cauchoresin
2.1.16
cauchoresin
2.1.snap:snap
cauchoresin
3.0.0
cauchoresin
3.0.1:beta
cauchoresin
3.0.2:beta
cauchoresin
3.0.3
cauchoresin
3.0.4
cauchoresin
3.0.5
cauchoresin
3.0.6
cauchoresin
3.0.7
cauchoresin
3.0.8
cauchoresin
3.0.9
cauchoresin
3.0.10
cauchoresin
3.0.11
cauchoresin
3.0.12
cauchoresin
3.0.13
cauchoresin
3.0.14
cauchoresin
3.0.15
cauchoresin
3.0.16
cauchoresin
3.0.17
cauchoresin
3.0.18
cauchoresin
3.0.19
cauchoresin
3.0.20
cauchoresin
3.1.0
cauchoresin
3.1.1
cauchoresin
3.1.2
cauchoresin
3.1.3
cauchoresin
3.1.4
cauchoresin
3.1.5
cauchoresin
3.1.6
cauchoresin
3.1.7
cauchoresin
3.1.8
cauchoresin
3.1.9
cauchoresin
3.1.10
cauchoresin
3.1.11
cauchoresin
3.1.12
cauchoresin
3.1.13
cauchoresin
4.0.0
cauchoresin
4.0.1
cauchoresin
4.0.2
cauchoresin
4.0.3
cauchoresin
4.0.4
cauchoresin
4.0.5
cauchoresin
4.0.6
cauchoresin
4.0.7
cauchoresin
4.0.8
cauchoresin
4.0.9
cauchoresin
4.0.10
cauchoresin
4.0.11
cauchoresin
4.0.12
cauchoresin
4.0.13
cauchoresin
4.0.14
cauchoresin
4.0.15
cauchoresin
4.0.16
cauchoresin
4.0.17
cauchoresin
4.0.18
cauchoresin
4.0.19
cauchoresin
4.0.20
cauchoresin
4.0.21
cauchoresin
4.0.22
cauchoresin
4.0.23
cauchoresin
4.0.24
cauchoresin
4.0.25
cauchoresin
4.0.26
cauchoresin
4.0.27
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://caucho.com/resin-4.0/changes/changes.xtp
http://en.securitylab.ru/lab/
http://en.securitylab.ru/lab/PT-2012-05
http://www.kb.cert.org/vuls/id/309979
http://caucho.com/resin-4.0/changes/changes.xtp
http://en.securitylab.ru/lab/
http://en.securitylab.ru/lab/PT-2012-05
http://www.kb.cert.org/vuls/id/309979