Skip to main content

Incorrect Comparison

CVE-2012-2967

Severity High
Score 7.5/10

Summary

Caucho Quercus, as distributed in Resin versions prior to 4.0.29, does not properly implement the "==" operator for comparisons. This flaw has unspecified impact and context-dependent attack vectors, potentially leading to incorrect application logic or unintended behavior, depending on how the comparison results are used.

  • LOW
  • NETWORK
  • NONE
  • PARTIAL
  • PARTIAL
  • PARTIAL

CWE-697 - Incorrect Comparison

The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

Advisory Timeline

  • Published