Caucho Quercus, as distributed in Resin, overwrites entries in SERVER superglobal array on basis of POST parameters

Description

Caucho Quercus, as distributed in Resin before 4.0.29, overwrites entries in the SERVER superglobal array on the basis of POST parameters, which has unspecified impact and remote attack vectors.

Basic information

Type
reviewed
Severity
high
Advisory on GitHub
Open advisory ↗
Repository advisory
Source code
Not specified
Published (advisory)
2022-05-17 05:23:56 UTC
Updated
2025-04-12 02:55:53 UTC
GitHub reviewed
2025-04-12 02:55:51 UTC
NVD published
2012-08-12

EPSS Score

Score Percentile
1.52% 80.80%

CVSS Scores

No CVSS scores in this advisory.

Identifiers

Affected packages (1)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem Package Vulnerable range First patched Vulnerable functions
maven com.caucho:resin < 4.0.29 4.0.29

References

cvelogic Threat Intelligence