Positive TechnologiesPT-2012-05PT-2012-05: Multiple Vulnerabilities in Quercus
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
78.9%
PT-2012-05: Multiple Vulnerabilities in Quercus
Vulnerable software
Quercus on Resin
Version 4.0.28 and earlier
Application link:
<http://www.caucho.com/>[](<http://www.ibm.com/software/data/guardium/>)
Software description
Quercus on Resin is a Quercus implementation of PHP included in the Resin web server.
1. HTTP Parameter Contamination
Severity level: High
Impact: HTTP Parameter Contamination
Access Vector: Remote
CVSS v2:
Base Score: 7.5
Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE: CVE-2012-2965
Vulnerability description
Some special characters in variables names are handled inappropriately, which may be leveraged by attackers. Additionally, attackers may intentionally cause error 500.
2. Variables Globalization and Overwriting
Severity level: High
Impact: Variables Globalization and Overwriting
Access Vector: Remote
CVSS v2:
Base Score: 7.5
Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE: CVE-2012-2966
Vulnerability description
When parameters are transferred via POST, they globalize and the _SERVER array items may be overwritten.
3. Inappropriate Variable Comparison
Severity level: High
Impact: Inappropriate Variable Comparison
Access Vector: Remote
CVSS v2:
Base Score: 7.5
Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE: CVE-2012-2967
Vulnerability description
Flexible comparison (using the == operator) various types of variables is implemented inappropriately.
4. Path Traversal
Severity level: Medium
Impact: Path Traversal
Access Vector: Remote
CVSS v2:
Base Score: 5.0
Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVE: CVE-2012-2968
Vulnerability description
When downloading files, the …/ string may be inserted into filenames (via forging HTTP requests). Such insertion allows downloading files to arbitrary directories (i.e. to conduct Path Traversal).
5. Null Byte Injection
Severity level: Medium
Impact: Null Byte Injection
Access Vector: Remote
CVSS v2:
Base Score: 6.4
Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CVE: CVE-2012-2969
Vulnerability description
When downloading files, null bytes may be inserted into filenames (via forging HTTP requests). As a result of the insertion, the string after the null byte will be dropped. The vulnerability allows attackers to bypass certain checks.
How to fix
Update your software up to the latest version
Advisory status
23.03.2012 - Vendor is notified
23.03.2012 - Vendor gets vulnerability details
19.04.2012 - Vulnerability details were sent to CERT
13.07.2012 - Vendor releases fixed version and details
31.08.2012 - Public disclosure
Credits
The vulnerabilities has discovered by Sergey Scherbel, Positive Research Center (Positive Technologies Company)
References
<http://en.securitylab.ru/lab/PT-2012-05>
<http://www.kb.cert.org/vuls/id/309979>
Reports on the vulnerabilities previously discovered by Positive Research:
<http://ptsecurity.com/research/advisory/>
<http://en.securitylab.ru/lab/>
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
78.9%