Bypassing Filename Extension Restrictions in Caucho Quercus

CVE-2012-2969 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:P

Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP request.

Learn more about our Web Application Penetration Testing UK.