CVE-2012-2967 — Caucho Quercus, as distributed in Resin, does not properly implement the `==` op

Description

Caucho Quercus, as distributed in Resin before 4.0.29, does not properly implement the `==` (equals sign equals sign) operator for comparisons, which has unspecified impact and context-dependent attack vectors.

How to fix CVE-2012-2967

To remediate CVE-2012-2967, upgrade the affected package to a fixed version below.

Maven/com.caucho:resin—upgrade to 4.0.29 or later

Is CVE-2012-2967 being exploited?

Low — EPSS is 1.5%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 4.0.29

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2012-2967
WEBen.securitylab.ru/lab
WEBen.securitylab.ru/lab/PT-2012-05
WEBweb.archive.org/web/20131210160901/http://en.securitylab.ru:80/lab/PT-2012-05
WEB