The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism.
References
Link | Resource |
---|---|
http://caucho.com/products/resin/download#download | Patch |
http://www.kb.cert.org/vuls/id/162308 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2014-07-26 15:55
Updated : 2024-02-28 12:20
NVD link : CVE-2014-2966
Mitre link : CVE-2014-2966
CVE.ORG link : CVE-2014-2966
JSON object : View
Products Affected
caucho
- resin