CVE-2012-2966
Caucho Quercus, as distributed in Resin, overwrites entries in the SERVER superglobal array on the basis of POST parameters
EPSS 1.5%
Description
Caucho Quercus, as distributed in Resin before 4.0.29, overwrites entries in the SERVER superglobal array on the basis of POST parameters, which has unspecified impact and remote attack vectors.
How to fix CVE-2012-2966
To remediate CVE-2012-2966, upgrade the affected package to a fixed version below.
- Maven/com.caucho:resin: upgrade to 4.0.29 or later
Is CVE-2012-2966 being exploited?
Low — EPSS is 1.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Maven/com.caucho:resin: from 0, < 4.0.29