exploitDog

CVE-2014-2966

Опубликовано: 26 июл. 2014

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism.

Ссылки

http://caucho.com/products/resin/download#download
Patch
http://www.kb.cert.org/vuls/id/162308
Third Party Advisory
US Government Resource
http://caucho.com/products/resin/download#download
Patch
http://www.kb.cert.org/vuls/id/162308
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:caucho:resin:*:*:*:*:professional:*:*:*

Версия до 4.0.39 (включая)

cpe:2.3:a:caucho:resin:4.0.36:*:*:*:professional:*:*:*

cpe:2.3:a:caucho:resin:4.0.37:*:*:*:professional:*:*:*

cpe:2.3:a:caucho:resin:4.0.38:*:*:*:professional:*:*:*

EPSS

Процентиль: 60%

0.00397

Низкий

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-3ff8-cpmw-v77w

github

больше 3 лет назад

The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism.

EPSS

Процентиль: 60%

0.00397

Низкий

5 Medium

CVSS2

Дефекты

CWE-20