The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism.
References
Link | Resource |
---|---|
http://caucho.com/products/resin/download#download | Patch |
http://www.kb.cert.org/vuls/id/162308 | Third Party Advisory US Government Resource |
http://caucho.com/products/resin/download#download | Patch |
http://www.kb.cert.org/vuls/id/162308 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:07
Type | Values Removed | Values Added |
---|---|---|
References | () http://caucho.com/products/resin/download#download - Patch | |
References | () http://www.kb.cert.org/vuls/id/162308 - Third Party Advisory, US Government Resource |
Information
Published : 2014-07-26 15:55
Updated : 2024-11-21 02:07
NVD link : CVE-2014-2966
Mitre link : CVE-2014-2966
CVE.ORG link : CVE-2014-2966
JSON object : View
Products Affected
caucho
- resin