CVE-2014-2966

The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism.
References
Link Resource
http://caucho.com/products/resin/download#download Patch
http://www.kb.cert.org/vuls/id/162308 Third Party Advisory US Government Resource
http://caucho.com/products/resin/download#download Patch
http://www.kb.cert.org/vuls/id/162308 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:caucho:resin:*:*:*:*:professional:*:*:*
cpe:2.3:a:caucho:resin:4.0.36:*:*:*:professional:*:*:*
cpe:2.3:a:caucho:resin:4.0.37:*:*:*:professional:*:*:*
cpe:2.3:a:caucho:resin:4.0.38:*:*:*:professional:*:*:*

History

21 Nov 2024, 02:07

Type Values Removed Values Added
References () http://caucho.com/products/resin/download#download - Patch () http://caucho.com/products/resin/download#download - Patch
References () http://www.kb.cert.org/vuls/id/162308 - Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/162308 - Third Party Advisory, US Government Resource

Information

Published : 2014-07-26 15:55

Updated : 2024-11-21 02:07


NVD link : CVE-2014-2966

Mitre link : CVE-2014-2966

CVE.ORG link : CVE-2014-2966


JSON object : View

Products Affected

caucho

  • resin
CWE
CWE-20

Improper Input Validation

CWE-264

Permissions, Privileges, and Access Controls