Caucho Quercus, as distributed in Resin before 4.0.29, overwrites entries in the SERVER superglobal array on the basis of POST parameters, which has unspecified impact and remote attack vectors.
| Score | Percentile |
|---|---|
| 1.52% | 80.80% |
No CVSS scores in this advisory.
| Type | Value |
|---|---|
| GHSA | GHSA-g5fx-ccwv-5c4f ↗ |
| CVE | CVE-2012-2966 ↗ |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| maven | com.caucho:resin | < 4.0.29 | 4.0.29 | — |