CVE-2012-2966: Caucho Quercus, as distributed in Resin, overwrites entries in SERVER superglobal array on basis of POST parameters

May 17, 2022 (updated April 12, 2025)

Caucho Quercus, as distributed in Resin before 4.0.29, overwrites entries in the SERVER superglobal array on the basis of POST parameters, which has unspecified impact and remote attack vectors.

References

github.com/advisories/GHSA-g5fx-ccwv-5c4f
nvd.nist.gov/vuln/detail/CVE-2012-2966
web.archive.org/web/20131210160901/http://en.securitylab.ru:80/lab/PT-2012-05

Code Behaviors & Features

Detect and mitigate CVE-2012-2966 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →