Caucho

Resin

10 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2021-44138

Exploit
  • EPSS 81.63%
  • Published 04.04.2022 13:15:07
  • Last modified 21.11.2024 06:30:25

There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request.

5

CVE-2014-2966

  • EPSS 0.4%
  • Published 26.07.2014 15:55:03
  • Last modified 12.04.2025 10:46:40

The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism.

7.5

CVE-2012-2965

  • EPSS 1.79%
  • Published 12.08.2012 16:55:01
  • Last modified 11.04.2025 00:51:21

Caucho Quercus, as distributed in Resin before 4.0.29, does not properly handle unspecified characters in the names of variables, which has unknown impact and remote attack vectors, related to an "HTTP Parameter Contamination" issue.

7.5

CVE-2012-2966

  • EPSS 1.79%
  • Published 12.08.2012 16:55:01
  • Last modified 11.04.2025 00:51:21

Caucho Quercus, as distributed in Resin before 4.0.29, overwrites entries in the SERVER superglobal array on the basis of POST parameters, which has unspecified impact and remote attack vectors.

7.5

CVE-2012-2967

  • EPSS 1.79%
  • Published 12.08.2012 16:55:01
  • Last modified 11.04.2025 00:51:21

Caucho Quercus, as distributed in Resin before 4.0.29, does not properly implement the == (equals sign equals sign) operator for comparisons, which has unspecified impact and context-dependent attack vectors.

5

CVE-2012-2968

  • EPSS 0.51%
  • Published 12.08.2012 16:55:01
  • Last modified 11.04.2025 00:51:21

Directory traversal vulnerability in Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to create files in arbitrary directories via a .. (dot dot) in a pathname within an HTTP request.

6.4

CVE-2012-2969

  • EPSS 0.82%
  • Published 12.08.2012 16:55:01
  • Last modified 11.04.2025 00:51:21

Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP request.

4.3

CVE-2010-2032

Exploit
  • EPSS 2.25%
  • Published 24.05.2010 19:30:01
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in resin-admin/digest.php in Caucho Technology Resin Professional 3.1.5, 3.1.10, 4.0.6, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) digest_r...

4.3

CVE-2008-2462

  • EPSS 3.87%
  • Published 30.06.2008 22:41:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the viewfile documentation command in Caucho Resin before 3.0.25, and 3.1.x before 3.1.4, allows remote attackers to inject arbitrary web script or HTML via the file parameter.

5

CVE-2004-0281

Exploit
  • EPSS 13.39%
  • Published 23.11.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

Caucho Technology Resin 2.1.12 allows remote attackers to gain sensitive information and view the contents of the /WEB-INF/ directory via an HTTP request for "WEB-INF..", which is equivalent to "WEB-INF" in Windows.