Caucho

Resin

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2021-44138

Exploit
  • EPSS 81.63%
  • Veröffentlicht 04.04.2022 13:15:07
  • Zuletzt bearbeitet 21.11.2024 06:30:25

There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request.

5

CVE-2014-2966

  • EPSS 0.4%
  • Veröffentlicht 26.07.2014 15:55:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism.

7.5

CVE-2012-2965

  • EPSS 1.79%
  • Veröffentlicht 12.08.2012 16:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Caucho Quercus, as distributed in Resin before 4.0.29, does not properly handle unspecified characters in the names of variables, which has unknown impact and remote attack vectors, related to an "HTTP Parameter Contamination" issue.

7.5

CVE-2012-2966

  • EPSS 1.79%
  • Veröffentlicht 12.08.2012 16:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Caucho Quercus, as distributed in Resin before 4.0.29, overwrites entries in the SERVER superglobal array on the basis of POST parameters, which has unspecified impact and remote attack vectors.

7.5

CVE-2012-2967

  • EPSS 1.79%
  • Veröffentlicht 12.08.2012 16:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Caucho Quercus, as distributed in Resin before 4.0.29, does not properly implement the == (equals sign equals sign) operator for comparisons, which has unspecified impact and context-dependent attack vectors.

5

CVE-2012-2968

  • EPSS 0.51%
  • Veröffentlicht 12.08.2012 16:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Directory traversal vulnerability in Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to create files in arbitrary directories via a .. (dot dot) in a pathname within an HTTP request.

6.4

CVE-2012-2969

  • EPSS 0.82%
  • Veröffentlicht 12.08.2012 16:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP request.

4.3

CVE-2010-2032

Exploit
  • EPSS 2.25%
  • Veröffentlicht 24.05.2010 19:30:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in resin-admin/digest.php in Caucho Technology Resin Professional 3.1.5, 3.1.10, 4.0.6, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) digest_r...

4.3

CVE-2008-2462

  • EPSS 3.87%
  • Veröffentlicht 30.06.2008 22:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the viewfile documentation command in Caucho Resin before 3.0.25, and 3.1.x before 3.1.4, allows remote attackers to inject arbitrary web script or HTML via the file parameter.

5

CVE-2004-0281

Exploit
  • EPSS 13.39%
  • Veröffentlicht 23.11.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Caucho Technology Resin 2.1.12 allows remote attackers to gain sensitive information and view the contents of the /WEB-INF/ directory via an HTTP request for "WEB-INF..", which is equivalent to "WEB-INF" in Windows.