First published: Sat Jul 26 2014
The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism.
Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
Caucho Resin | <=4.0.39 | |
Caucho Resin | =4.0.36 | |
Caucho Resin | =4.0.37 | |
Caucho Resin | =4.0.38 | |