Lucene search

[email protected]CVE-2014-10079

HistoryFeb 23, 2019 - 2:29 p.m.

CVE-2014-10079

2019-02-2314:29:00

CWE-200

[email protected]

web.nvd.nist.gov

vembu storegrid

web interface

ip address disclosure

html

security vulnerability

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.013 Low

EPSS

Percentile

86.0%

JSON

In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the “ipaddress” hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash.

CPENameOperatorVersion
vembu:storegridvembu storegrideq4.4

CPE	Name	Operator	Version
vembu:storegrid	vembu storegrid	eq	4.4

References

cxsecurity.com/issue/WLB-2018120091

packetstormsecurity.com/files/127786/Vembu-Backup-Disaster-Recovery-6.1-Follow-Up.html

seclists.org/fulldisclosure/2014/Aug/8

www.exploit-db.com/exploits/46549/

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.013 Low

EPSS

Percentile

86.0%

JSON

Related for CVE-2014-10079

prion1 exploitpack1 zdt1 packetstorm1 exploitdb1