CVE-2014-2966

EUVD-2014-2988
The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
Affected Products (NVD)
VendorProductVersion
cauchoresin
𝑥
≤ 4.0.39
cauchoresin
4.0.36
cauchoresin
4.0.37
cauchoresin
4.0.38
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://caucho.com/products/resin/download#download
http://www.kb.cert.org/vuls/id/162308
http://caucho.com/products/resin/download#download
http://www.kb.cert.org/vuls/id/162308