Description

Directory traversal vulnerability in Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to create files in arbitrary directories via a .. (dot dot) in a pathname within an HTTP request.

Remediation

References

CVE-2012-2968

Related Vulnerabilities

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-8874)

Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9515)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7908)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-6634)

WordPress Plugin Google AdSense Click-Fraud Monitoring Cross-Site Scripting (1.8.6)

Severity

Medium

Classification

CVE-2012-2968 CWE-22

Tags

Missing Update Known Vulnerabilities