CVE-2012-2968

CVE Descriptions

Directory traversal vulnerability in Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to create files in arbitrary directories via a .. (dot dot) in a pathname within an HTTP request.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	5		AV:N/AC:L/Au:N/C:N/I:P/A:N	nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Products Mentioned

Configuraton 0

Caucho>>Resin >> Version To (including) 4.0.28

Caucho>>Resin >> Version 2.0.0 (Open CPE detail)
Caucho>>Resin >> Version 2.0.1 (Open CPE detail)
Caucho>>Resin >> Version 2.0.2 (Open CPE detail)
Caucho>>Resin >> Version 2.0.3 (Open CPE detail)
Caucho>>Resin >> Version 2.0.4 (Open CPE detail)
Caucho>>Resin >> Version 2.0.5 (Open CPE detail)
Caucho>>Resin >> Version 2.1.0 (Open CPE detail)
Caucho>>Resin >> Version 2.1.1 (Open CPE detail)
Caucho>>Resin >> Version 2.1.2 (Open CPE detail)
Caucho>>Resin >> Version 2.1.3 (Open CPE detail)
Caucho>>Resin >> Version 2.1.4 (Open CPE detail)
Caucho>>Resin >> Version 2.1.5 (Open CPE detail)
Caucho>>Resin >> Version 2.1.6 (Open CPE detail)
Caucho>>Resin >> Version 2.1.7 (Open CPE detail)
Caucho>>Resin >> Version 2.1.8 (Open CPE detail)
Caucho>>Resin >> Version 2.1.9 (Open CPE detail)
Caucho>>Resin >> Version 2.1.10 (Open CPE detail)
Caucho>>Resin >> Version 2.1.11 (Open CPE detail)
Caucho>>Resin >> Version 2.1.12 (Open CPE detail)
Caucho>>Resin >> Version 2.1.13 (Open CPE detail)
Caucho>>Resin >> Version 2.1.14 (Open CPE detail)
Caucho>>Resin >> Version 2.1.15 (Open CPE detail)
Caucho>>Resin >> Version 2.1.16 (Open CPE detail)
Caucho>>Resin >> Version 2.1.snap (Open CPE detail)
Caucho>>Resin >> Version 3.0.0 (Open CPE detail)
Caucho>>Resin >> Version 3.0.1 (Open CPE detail)
Caucho>>Resin >> Version 3.0.2 (Open CPE detail)
Caucho>>Resin >> Version 3.0.3 (Open CPE detail)
Caucho>>Resin >> Version 3.0.4 (Open CPE detail)
Caucho>>Resin >> Version 3.0.5 (Open CPE detail)
Caucho>>Resin >> Version 3.0.6 (Open CPE detail)
Caucho>>Resin >> Version 3.0.7 (Open CPE detail)
Caucho>>Resin >> Version 3.0.8 (Open CPE detail)
Caucho>>Resin >> Version 3.0.9 (Open CPE detail)
Caucho>>Resin >> Version 3.0.10 (Open CPE detail)
Caucho>>Resin >> Version 3.0.11 (Open CPE detail)
Caucho>>Resin >> Version 3.0.12 (Open CPE detail)
Caucho>>Resin >> Version 3.0.13 (Open CPE detail)
Caucho>>Resin >> Version 3.0.14 (Open CPE detail)
Caucho>>Resin >> Version 3.0.15 (Open CPE detail)
Caucho>>Resin >> Version 3.0.16 (Open CPE detail)
Caucho>>Resin >> Version 3.0.17 (Open CPE detail)
Caucho>>Resin >> Version 3.0.18 (Open CPE detail)
Caucho>>Resin >> Version 3.0.19 (Open CPE detail)
Caucho>>Resin >> Version 3.0.20 (Open CPE detail)
Caucho>>Resin >> Version 3.0.21 (Open CPE detail)
Caucho>>Resin >> Version 3.0.22 (Open CPE detail)
Caucho>>Resin >> Version 3.0.23 (Open CPE detail)
Caucho>>Resin >> Version 3.0.25 (Open CPE detail)
Caucho>>Resin >> Version 3.1.0 (Open CPE detail)
Caucho>>Resin >> Version 3.1.1 (Open CPE detail)
Caucho>>Resin >> Version 3.1.2 (Open CPE detail)
Caucho>>Resin >> Version 3.1.3 (Open CPE detail)
Caucho>>Resin >> Version 3.1.4 (Open CPE detail)
Caucho>>Resin >> Version 3.1.5 (Open CPE detail)
Caucho>>Resin >> Version 3.1.6 (Open CPE detail)
Caucho>>Resin >> Version 3.1.7 (Open CPE detail)
Caucho>>Resin >> Version 3.1.8 (Open CPE detail)
Caucho>>Resin >> Version 3.1.9 (Open CPE detail)
Caucho>>Resin >> Version 3.1.10 (Open CPE detail)
Caucho>>Resin >> Version 3.1.11 (Open CPE detail)
Caucho>>Resin >> Version 3.1.12 (Open CPE detail)
Caucho>>Resin >> Version 3.1.13 (Open CPE detail)
Caucho>>Resin >> Version 4.0.0 (Open CPE detail)
Caucho>>Resin >> Version 4.0.1 (Open CPE detail)
Caucho>>Resin >> Version 4.0.2 (Open CPE detail)
Caucho>>Resin >> Version 4.0.3 (Open CPE detail)
Caucho>>Resin >> Version 4.0.4 (Open CPE detail)
Caucho>>Resin >> Version 4.0.5 (Open CPE detail)
Caucho>>Resin >> Version 4.0.6 (Open CPE detail)
Caucho>>Resin >> Version 4.0.7 (Open CPE detail)
Caucho>>Resin >> Version 4.0.8 (Open CPE detail)
Caucho>>Resin >> Version 4.0.9 (Open CPE detail)
Caucho>>Resin >> Version 4.0.10 (Open CPE detail)
Caucho>>Resin >> Version 4.0.11 (Open CPE detail)
Caucho>>Resin >> Version 4.0.12 (Open CPE detail)
Caucho>>Resin >> Version 4.0.13 (Open CPE detail)
Caucho>>Resin >> Version 4.0.14 (Open CPE detail)
Caucho>>Resin >> Version 4.0.15 (Open CPE detail)
Caucho>>Resin >> Version 4.0.16 (Open CPE detail)
Caucho>>Resin >> Version 4.0.17 (Open CPE detail)
Caucho>>Resin >> Version 4.0.18 (Open CPE detail)
Caucho>>Resin >> Version 4.0.19 (Open CPE detail)
Caucho>>Resin >> Version 4.0.20 (Open CPE detail)
Caucho>>Resin >> Version 4.0.21 (Open CPE detail)
Caucho>>Resin >> Version 4.0.22 (Open CPE detail)
Caucho>>Resin >> Version 4.0.23 (Open CPE detail)
Caucho>>Resin >> Version 4.0.24 (Open CPE detail)
Caucho>>Resin >> Version 4.0.25 (Open CPE detail)
Caucho>>Resin >> Version 4.0.26 (Open CPE detail)
Caucho>>Resin >> Version 4.0.27 (Open CPE detail)
Caucho>>Resin >> Version 4.0.28 (Open CPE detail)

Caucho>>Resin >> Version 2.0.0

Caucho>>Resin >> Version 2.0.0 (Open CPE detail)

Caucho>>Resin >> Version 2.0.1

Caucho>>Resin >> Version 2.0.1 (Open CPE detail)

Caucho>>Resin >> Version 2.0.2

Caucho>>Resin >> Version 2.0.2 (Open CPE detail)

Caucho>>Resin >> Version 2.0.3

Caucho>>Resin >> Version 2.0.3 (Open CPE detail)

Caucho>>Resin >> Version 2.0.4

Caucho>>Resin >> Version 2.0.4 (Open CPE detail)

Caucho>>Resin >> Version 2.0.5

Caucho>>Resin >> Version 2.0.5 (Open CPE detail)

Caucho>>Resin >> Version 2.1.0

Caucho>>Resin >> Version 2.1.0 (Open CPE detail)

Caucho>>Resin >> Version 2.1.1

Caucho>>Resin >> Version 2.1.1 (Open CPE detail)

Caucho>>Resin >> Version 2.1.2

Caucho>>Resin >> Version 2.1.2 (Open CPE detail)

Caucho>>Resin >> Version 2.1.3

Caucho>>Resin >> Version 2.1.3 (Open CPE detail)

Caucho>>Resin >> Version 2.1.4

Caucho>>Resin >> Version 2.1.4 (Open CPE detail)

Caucho>>Resin >> Version 2.1.5

Caucho>>Resin >> Version 2.1.5 (Open CPE detail)

Caucho>>Resin >> Version 2.1.6

Caucho>>Resin >> Version 2.1.6 (Open CPE detail)

Caucho>>Resin >> Version 2.1.7

Caucho>>Resin >> Version 2.1.7 (Open CPE detail)

Caucho>>Resin >> Version 2.1.8

Caucho>>Resin >> Version 2.1.8 (Open CPE detail)

Caucho>>Resin >> Version 2.1.9

Caucho>>Resin >> Version 2.1.9 (Open CPE detail)

Caucho>>Resin >> Version 2.1.10

Caucho>>Resin >> Version 2.1.10 (Open CPE detail)

Caucho>>Resin >> Version 2.1.11

Caucho>>Resin >> Version 2.1.11 (Open CPE detail)

Caucho>>Resin >> Version 2.1.12

Caucho>>Resin >> Version 2.1.12 (Open CPE detail)

Caucho>>Resin >> Version 2.1.13

Caucho>>Resin >> Version 2.1.13 (Open CPE detail)

Caucho>>Resin >> Version 2.1.14

Caucho>>Resin >> Version 2.1.14 (Open CPE detail)

Caucho>>Resin >> Version 2.1.15

Caucho>>Resin >> Version 2.1.15 (Open CPE detail)

Caucho>>Resin >> Version 2.1.16

Caucho>>Resin >> Version 2.1.16 (Open CPE detail)

Caucho>>Resin >> Version 2.1.snap

Caucho>>Resin >> Version 2.1.snap (Open CPE detail)

Caucho>>Resin >> Version 3.0.0

Caucho>>Resin >> Version 3.0.0 (Open CPE detail)

Caucho>>Resin >> Version 3.0.1

Caucho>>Resin >> Version 3.0.1 (Open CPE detail)

Caucho>>Resin >> Version 3.0.2

Caucho>>Resin >> Version 3.0.2 (Open CPE detail)

Caucho>>Resin >> Version 3.0.3

Caucho>>Resin >> Version 3.0.3 (Open CPE detail)

Caucho>>Resin >> Version 3.0.4

Caucho>>Resin >> Version 3.0.4 (Open CPE detail)

Caucho>>Resin >> Version 3.0.5

Caucho>>Resin >> Version 3.0.5 (Open CPE detail)

Caucho>>Resin >> Version 3.0.6

Caucho>>Resin >> Version 3.0.6 (Open CPE detail)

Caucho>>Resin >> Version 3.0.7

Caucho>>Resin >> Version 3.0.7 (Open CPE detail)

Caucho>>Resin >> Version 3.0.8

Caucho>>Resin >> Version 3.0.8 (Open CPE detail)

Caucho>>Resin >> Version 3.0.9

Caucho>>Resin >> Version 3.0.9 (Open CPE detail)

Caucho>>Resin >> Version 3.0.10

Caucho>>Resin >> Version 3.0.10 (Open CPE detail)

Caucho>>Resin >> Version 3.0.11

Caucho>>Resin >> Version 3.0.11 (Open CPE detail)

Caucho>>Resin >> Version 3.0.12

Caucho>>Resin >> Version 3.0.12 (Open CPE detail)

Caucho>>Resin >> Version 3.0.13

Caucho>>Resin >> Version 3.0.13 (Open CPE detail)

Caucho>>Resin >> Version 3.0.14

Caucho>>Resin >> Version 3.0.14 (Open CPE detail)

Caucho>>Resin >> Version 3.0.15

Caucho>>Resin >> Version 3.0.15 (Open CPE detail)

Caucho>>Resin >> Version 3.0.16

Caucho>>Resin >> Version 3.0.16 (Open CPE detail)

Caucho>>Resin >> Version 3.0.17

Caucho>>Resin >> Version 3.0.17 (Open CPE detail)

Caucho>>Resin >> Version 3.0.18

Caucho>>Resin >> Version 3.0.18 (Open CPE detail)

Caucho>>Resin >> Version 3.0.19

Caucho>>Resin >> Version 3.0.19 (Open CPE detail)

Caucho>>Resin >> Version 3.0.20

Caucho>>Resin >> Version 3.0.20 (Open CPE detail)

Caucho>>Resin >> Version 3.1.0

Caucho>>Resin >> Version 3.1.0 (Open CPE detail)

Caucho>>Resin >> Version 3.1.1

Caucho>>Resin >> Version 3.1.1 (Open CPE detail)

Caucho>>Resin >> Version 3.1.2

Caucho>>Resin >> Version 3.1.2 (Open CPE detail)

Caucho>>Resin >> Version 3.1.3

Caucho>>Resin >> Version 3.1.3 (Open CPE detail)

Caucho>>Resin >> Version 3.1.4

Caucho>>Resin >> Version 3.1.4 (Open CPE detail)

Caucho>>Resin >> Version 3.1.5

Caucho>>Resin >> Version 3.1.5 (Open CPE detail)

Caucho>>Resin >> Version 3.1.6

Caucho>>Resin >> Version 3.1.6 (Open CPE detail)

Caucho>>Resin >> Version 3.1.7

Caucho>>Resin >> Version 3.1.7 (Open CPE detail)

Caucho>>Resin >> Version 3.1.8

Caucho>>Resin >> Version 3.1.8 (Open CPE detail)

Caucho>>Resin >> Version 3.1.9

Caucho>>Resin >> Version 3.1.9 (Open CPE detail)

Caucho>>Resin >> Version 3.1.10

Caucho>>Resin >> Version 3.1.10 (Open CPE detail)

Caucho>>Resin >> Version 3.1.11

Caucho>>Resin >> Version 3.1.11 (Open CPE detail)

Caucho>>Resin >> Version 3.1.12

Caucho>>Resin >> Version 3.1.12 (Open CPE detail)

Caucho>>Resin >> Version 3.1.13

Caucho>>Resin >> Version 3.1.13 (Open CPE detail)

Caucho>>Resin >> Version 4.0.0

Caucho>>Resin >> Version 4.0.0 (Open CPE detail)

Caucho>>Resin >> Version 4.0.1

Caucho>>Resin >> Version 4.0.1 (Open CPE detail)

Caucho>>Resin >> Version 4.0.2

Caucho>>Resin >> Version 4.0.2 (Open CPE detail)

Caucho>>Resin >> Version 4.0.3

Caucho>>Resin >> Version 4.0.3 (Open CPE detail)

Caucho>>Resin >> Version 4.0.4

Caucho>>Resin >> Version 4.0.4 (Open CPE detail)

Caucho>>Resin >> Version 4.0.5

Caucho>>Resin >> Version 4.0.5 (Open CPE detail)

Caucho>>Resin >> Version 4.0.6

Caucho>>Resin >> Version 4.0.6 (Open CPE detail)

Caucho>>Resin >> Version 4.0.7

Caucho>>Resin >> Version 4.0.7 (Open CPE detail)

Caucho>>Resin >> Version 4.0.8

Caucho>>Resin >> Version 4.0.8 (Open CPE detail)

Caucho>>Resin >> Version 4.0.9

Caucho>>Resin >> Version 4.0.9 (Open CPE detail)

Caucho>>Resin >> Version 4.0.10

Caucho>>Resin >> Version 4.0.10 (Open CPE detail)

Caucho>>Resin >> Version 4.0.11

Caucho>>Resin >> Version 4.0.11 (Open CPE detail)

Caucho>>Resin >> Version 4.0.12

Caucho>>Resin >> Version 4.0.12 (Open CPE detail)

Caucho>>Resin >> Version 4.0.13

Caucho>>Resin >> Version 4.0.13 (Open CPE detail)

Caucho>>Resin >> Version 4.0.14

Caucho>>Resin >> Version 4.0.14 (Open CPE detail)

Caucho>>Resin >> Version 4.0.15

Caucho>>Resin >> Version 4.0.15 (Open CPE detail)

Caucho>>Resin >> Version 4.0.16

Caucho>>Resin >> Version 4.0.16 (Open CPE detail)

Caucho>>Resin >> Version 4.0.17

Caucho>>Resin >> Version 4.0.17 (Open CPE detail)

Caucho>>Resin >> Version 4.0.18

Caucho>>Resin >> Version 4.0.18 (Open CPE detail)

Caucho>>Resin >> Version 4.0.19

Caucho>>Resin >> Version 4.0.19 (Open CPE detail)

Caucho>>Resin >> Version 4.0.20

Caucho>>Resin >> Version 4.0.20 (Open CPE detail)

Caucho>>Resin >> Version 4.0.21

Caucho>>Resin >> Version 4.0.21 (Open CPE detail)

Caucho>>Resin >> Version 4.0.22

Caucho>>Resin >> Version 4.0.22 (Open CPE detail)

Caucho>>Resin >> Version 4.0.23

Caucho>>Resin >> Version 4.0.23 (Open CPE detail)

Caucho>>Resin >> Version 4.0.24

Caucho>>Resin >> Version 4.0.24 (Open CPE detail)

Caucho>>Resin >> Version 4.0.25

Caucho>>Resin >> Version 4.0.25 (Open CPE detail)

Caucho>>Resin >> Version 4.0.26

Caucho>>Resin >> Version 4.0.26 (Open CPE detail)

Caucho>>Resin >> Version 4.0.27

Caucho>>Resin >> Version 4.0.27 (Open CPE detail)

References

http://www.kb.cert.org/vuls/id/309979
Tags : third-party-advisory, x_refsource_CERT-VN

http://en.securitylab.ru/lab/
Tags : x_refsource_MISC

http://en.securitylab.ru/lab/PT-2012-05
Tags : x_refsource_MISC

http://caucho.com/resin-4.0/changes/changes.xtp
Tags : x_refsource_MISC

CVE-2012-2968 : Detail