ID CVE-2014-2864 Type cve Reporter NVD Modified 2014-04-16T10:18:06
Description
Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directory traversal sequences.
{"reporter": "NVD", "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "vulnersScore": 7.5}, "published": "2014-04-15T19:13:17", "cvelist": ["CVE-2014-2864"], "title": "CVE-2014-2864", "objectVersion": "1.2", "type": "cve", "hash": "08ee40a52528951228a358b066949f7ff2d6c3bb8f4f3b8f96c9738f4df76c94", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2864", "bulletinFamily": "NVD", "id": "CVE-2014-2864", "history": [], "scanner": [], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "modified": "2014-04-16T10:18:06", "viewCount": 0, "cpe": ["cpe:/a:paperthin:commonspot_content_server:8.0.2", "cpe:/a:paperthin:commonspot_content_server:8.0.0", "cpe:/a:paperthin:commonspot_content_server:8.0.1", "cpe:/a:paperthin:commonspot_content_server:7.0.1"], "edition": 1, "description": "Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directory traversal sequences.", "references": ["http://www.kb.cert.org/vuls/id/437385"], "lastseen": "2016-09-03T20:19:58", "assessment": {"system": "", "name": "", "href": ""}}
{"nessus": [{"lastseen": "2018-09-01T23:58:56", "references": ["http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2861.html", "http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2870.html", "http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2867.html", "http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2868.html", "http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2871.html", "http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2869.html", "http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2863.html", "http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2862.html", "http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2864.html", "http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2872.html", "http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2866.html", "http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2860.html", "http://www.paperthin.com/support/tech-specs.cfm", "http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2874.html", "http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2865.html", "http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2859.html", "http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2873.html"], "pluginID": "73611", "description": "According to its version number, the CommonSpot install hosted on the remote web server is affected by multiple vulnerabilities :\n\n - An access restriction bypass via a direct request.\n (CVE-2014-2859)\n\n - Multiple cross-site scripting (XSS) vulnerabilities.\n (CVE-2014-2860, CVE-2014-2861)\n\n - Improper authorization checks in unspecified requests can allow a remote, unauthenticated attacker to perform unauthorized actions. (CVE-2014-2862)\n\n - Multiple path traversal vulnerabilities allow remote, unauthenticated attackers to request full pathnames in parameters. (CVE-2014-2863)\n\n - Multiple directory traversal vulnerabilities.\n (CVE-2014-2864)\n\n - The application fails to restrict the use of a NULL byte, which can be used to bypass access restrictions.\n (CVE-2014-2865)\n\n - The application uses client JavaScript code for access restrictions, which can be bypassed with attacker- controlled JavaScript. (CVE-2014-2866)\n\n - Unrestricted file uploads could allow for dangerous file types to be added to the server. (CVE-2014-2867)\n\n - Multiple pages allow a remote attacker to override ColdFusion variables via HTTP GET requests.\n (CVE-2014-2868)\n\n - Multiple pages allow for information disclosure.\n (CVE-2014-2869)\n\n - The application stores credentials in plaintext in the underlying application database by default.\n (CVE-2014-2870)\n\n - The application transmits credentials in cleartext via HTTP. (CVE-2014-2871)\n\n - Multiple directory listings allow for potential access to sensitive information. (CVE-2014-2872)\n\n - The application allows unauthenticated access to log files allowing for information disclosure.\n (CVE-2014-2873)\n\n - The application allows remote, unauthenticated attackers to execute arbitrary commands with arbitrary parameters.\n (CVE-2014-2874)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "edition": 5, "reporter": "Tenable", "published": "2014-04-18T00:00:00", "title": "CommonSpot < 7.0.2 / 8.0.3 / 9.0.0 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "CGI abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2863", "CVE-2014-2860", "CVE-2014-2867", "CVE-2014-2871", "CVE-2014-2866", "CVE-2014-2859", "CVE-2014-2862", "CVE-2014-2869", "CVE-2014-2864", "CVE-2014-2870", "CVE-2014-2872", "CVE-2014-2868", "CVE-2014-2873", "CVE-2014-2861", "CVE-2014-2874", "CVE-2014-2865"], "modified": "2018-06-13T00:00:00", "cpe": ["cpe:/a:paperthin:commonspot_content_server"], "id": "COMMONSPOT_7_0_2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73611", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73611);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/06/13 18:56:26\");\n\n script_cve_id(\n \"CVE-2014-2859\",\n \"CVE-2014-2860\",\n \"CVE-2014-2861\",\n \"CVE-2014-2862\",\n \"CVE-2014-2863\",\n \"CVE-2014-2864\",\n \"CVE-2014-2865\",\n \"CVE-2014-2866\",\n \"CVE-2014-2867\",\n \"CVE-2014-2868\",\n \"CVE-2014-2869\",\n \"CVE-2014-2870\",\n \"CVE-2014-2871\",\n \"CVE-2014-2872\",\n \"CVE-2014-2873\",\n \"CVE-2014-2874\"\n );\n script_bugtraq_id(66813);\n script_xref(name:\"CERT\", value:\"437385\");\n\n script_name(english:\"CommonSpot < 7.0.2 / 8.0.3 / 9.0.0 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of CommonSpot\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a ColdFusion-based application that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the CommonSpot install hosted on the\nremote web server is affected by multiple vulnerabilities :\n\n - An access restriction bypass via a direct request.\n (CVE-2014-2859)\n\n - Multiple cross-site scripting (XSS) vulnerabilities.\n (CVE-2014-2860, CVE-2014-2861)\n\n - Improper authorization checks in unspecified requests\n can allow a remote, unauthenticated attacker to perform\n unauthorized actions. (CVE-2014-2862)\n\n - Multiple path traversal vulnerabilities allow remote,\n unauthenticated attackers to request full pathnames in\n parameters. (CVE-2014-2863)\n\n - Multiple directory traversal vulnerabilities.\n (CVE-2014-2864)\n\n - The application fails to restrict the use of a NULL\n byte, which can be used to bypass access restrictions.\n (CVE-2014-2865)\n\n - The application uses client JavaScript code for access\n restrictions, which can be bypassed with attacker-\n controlled JavaScript. (CVE-2014-2866)\n\n - Unrestricted file uploads could allow for dangerous\n file types to be added to the server. (CVE-2014-2867)\n\n - Multiple pages allow a remote attacker to override\n ColdFusion variables via HTTP GET requests.\n (CVE-2014-2868)\n\n - Multiple pages allow for information disclosure.\n (CVE-2014-2869)\n\n - The application stores credentials in plaintext in the\n underlying application database by default.\n (CVE-2014-2870)\n\n - The application transmits credentials in cleartext via\n HTTP. (CVE-2014-2871)\n\n - Multiple directory listings allow for potential access\n to sensitive information. (CVE-2014-2872)\n\n - The application allows unauthenticated access to log\n files allowing for information disclosure.\n (CVE-2014-2873)\n\n - The application allows remote, unauthenticated attackers\n to execute arbitrary commands with arbitrary parameters.\n (CVE-2014-2874)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2859.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2860.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2861.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2862.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2863.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2864.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2865.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2866.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2867.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2868.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2869.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2870.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2871.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2872.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2873.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodaylab.com/vulnerabilities/CVE-2014/CVE-2014-2874.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.paperthin.com/support/tech-specs.cfm\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to CommonSpot version 7.0.2 / 8.0.3 / 9.0.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:U/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:paperthin:commonspot_content_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"commonspot_web_detect.nbin\");\n script_require_keys(\"www/commonspot\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\napp = 'CommonSpot';\n\ninstall = get_install_from_kb(\n appname : \"commonspot\",\n port : port,\n exit_on_fail : TRUE\n);\ndir = install[\"dir\"];\ninstall_loc = build_url(port:port, qs:dir + \"/index.cfm\");\n\nversion = install[\"ver\"];\nif (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_APP_VER, app, install_loc);\n\nfix = NULL;\nver = split(version, sep:\".\", keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Versions less than 7.0.2 / 8.x < 8.0.3 / 9.0.0 are vulnerable\nif (ver[0] < 7)\n{\n fix = '7.0.2 / 8.0.3 / 9.0.0 or later';\n}\nelse if (ver[0] == 7 && ver[1] == 0 && ver[2] < 2)\n{\n fix = '7.0.2';\n}\nelse if (ver[0] == 8 && ver[1] == 0 && ver[2] < 3)\n{\n fix = '8.0.3';\n}\n\nif (!isnull(fix))\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' +install_loc+\n '\\n Installed version : ' +version+\n '\\n Fixed version : ' + fix + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_loc, version);\n\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
