Resin 'Unicode Transformations' CVE-2014-2966 Security Bypass Vulnerability
BID:68859
Info
Resin 'Unicode Transformations' CVE-2014-2966 Security Bypass Vulnerability
| Bugtraq ID: | 68859 |
| Class: | Input Validation Error |
| CVE: |
CVE-2014-2966 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 23 2014 12:00AM |
| Updated: | Jul 23 2014 12:00AM |
| Credit: | Yoel Gluck and Angelo Prado from Salesforce. |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Resin 'Unicode Transformations' CVE-2014-2966 Security Bypass Vulnerability
Resin is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input.
An attacker can exploit this issue to bypass certain security restrictions and perform cross-site scripting, open-redirect and other attacks. This may lead to further attacks.
Resin 4.0.39 is vulnerable; prior versions may also be affected.
Resin is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input.
An attacker can exploit this issue to bypass certain security restrictions and perform cross-site scripting, open-redirect and other attacks. This may lead to further attacks.
Resin 4.0.39 is vulnerable; prior versions may also be affected.
Exploit / POC
Resin 'Unicode Transformations' CVE-2014-2966 Security Bypass Vulnerability
An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
Solution / Fix
Resin 'Unicode Transformations' CVE-2014-2966 Security Bypass Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Resin 'Unicode Transformations' CVE-2014-2966 Security Bypass Vulnerability
References:
References: