mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-29 05:56:17 +00:00
126 lines
3.7 KiB
JSON
126 lines
3.7 KiB
JSON
{
|
|
"id": "CVE-2014-2966",
|
|
"sourceIdentifier": "cret@cert.org",
|
|
"published": "2014-07-26T15:55:03.527",
|
|
"lastModified": "2024-11-21T02:07:15.297",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "El codificador ISO-8859-1 en Resin Pro anterior a 4.0.40 no realiza debidamente las transformaciones Unicode, lo que permite a atacantes remotos evadir las restricciones de texto a trav\u00e9s de caracteres manipulados, tal y como fue demostrado mediante la evasi\u00f3n de un mecanismo de protecci\u00f3n contra XSS."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
|
|
"baseScore": 5.0,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-20"
|
|
},
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-264"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:caucho:resin:*:*:*:*:professional:*:*:*",
|
|
"versionEndIncluding": "4.0.39",
|
|
"matchCriteriaId": "CF911461-9047-43E3-88FA-FDBD80EDBBAF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:caucho:resin:4.0.36:*:*:*:professional:*:*:*",
|
|
"matchCriteriaId": "5ADC8207-50CE-4787-B858-CDC8942059A1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:caucho:resin:4.0.37:*:*:*:professional:*:*:*",
|
|
"matchCriteriaId": "7883A7C0-4477-4344-882C-0861A25AB384"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:caucho:resin:4.0.38:*:*:*:professional:*:*:*",
|
|
"matchCriteriaId": "4DD1E629-560A-44A9-B246-FAC290B57650"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://caucho.com/products/resin/download#download",
|
|
"source": "cret@cert.org",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.kb.cert.org/vuls/id/162308",
|
|
"source": "cret@cert.org",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"US Government Resource"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://caucho.com/products/resin/download#download",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.kb.cert.org/vuls/id/162308",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"US Government Resource"
|
|
]
|
|
}
|
|
]
|
|
} |