Incorrect Comparison

CVE-2012-2967

High

7.5/10

Summary

Caucho Quercus, as distributed in Resin versions prior to 4.0.29, does not properly implement the "==" operator for comparisons. This flaw has unspecified impact and context-dependent attack vectors, potentially leading to incorrect application logic or unintended behavior, depending on how the comparison results are used.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

CWE-697 - Incorrect Comparison

The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

References

Advisory
Advisory

Advisory Timeline

Published Aug 12, 2012

Incorrect Comparison

CVE-2012-2967

Summary

CWE-697 - Incorrect Comparison

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS