8 matches found
CVE-2012-2966
Caucho Quercus, as distributed in Resin before 4.0.29, overwrites entries in the SERVER superglobal array on the basis of POST parameters, which has unspecified impact and remote attack vectors...
CVE-2002-1990
Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical path information via a URL request for the example Java class file HelloServlet...
acegisecurity:acegi-security-resin (=0.9.0), ch.qos.logback:logback-access (>=${parent.version} <=0.3) +3 more potentially affected by CVE-2012-2966 via com.caucho:resin (=3.0.9)
com.caucho:resin MAVEN version =3.0.9 is affected by a known vulnerability. The following packages have a transitive dependency on com.caucho:resin and may be impacted:
- acegisecurity:acegi-security-resin =0.9.0
- ch.qos.logback:logback-access =$parent.version, =2.3.0, =1.0.0, =2.0.0, =2.0.4...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview: Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the SERVER superglobal array. An attacker can overwrite entries in this array by sending crafted POST parameters.
Remediation: Upgrade com.caucho:resin to...
Improper Input Validation
Overview: Affected versions of this package are vulnerable to Improper Input Validation due to improper handling of unspecified characters in variable names. An attacker can exploit this vulnerability to manipulate or contaminate HTTP parameters by sending crafted requests with malicious variable...
acegisecurity:acegi-security-resin (=0.9.0), ch.qos.logback:logback-access (>=${parent.version} <=0.3) +3 more potentially affected by CVE-2012-2965 via com.caucho:resin (=3.0.9)
com.caucho:resin MAVEN version =3.0.9 is affected by a known vulnerability. The following packages have a transitive dependency on com.caucho:resin and may be impacted:
- acegisecurity:acegi-security-resin =0.9.0
- ch.qos.logback:logback-access =$parent.version, =2.3.0, =1.0.0, =2.0.0, =2.0.4...
CVE-2004-0280
Caucho Technology Resin 2.1.12 allows remote attackers to view JSP source via an HTTP request to a .jsp file that ends in a "%20" encoded space character, e.g. index.jsp%20...
Caucho Technology Resin 2.1.12 - Directory Listings Disclosure
source: https://www.securityfocus.com/bid/9617/info
It has been reported that Resin may be prone to an information disclosure vulnerability that may allow an attacker to disclose directory listings by passing malicious data via a URI parameter. The issue has been reported to present itself on...