Lucene search
MitreCVE-2014-2865HistoryApr 15, 2014 - 11:13 p.m.
CVE-2014-2865
2014-04-1523:13:17
CWE-264
mitre
web.nvd.nist.gov
24
cve-2014-2865
paperthin commonspot
remote code execution
security vulnerability
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.9
Confidence
Low
EPSS
0.006
Percentile
78.9%
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a ‘\0’ character, as demonstrated by using this character within a pathname on the drive containing the web root directory of a ColdFusion installation.
Affected configurations
Node
paperthincommonspot_content_serverRange≤7.0.1
ORpaperthincommonspot_content_serverMatch8.0.0
ORpaperthincommonspot_content_serverMatch8.0.1
ORpaperthincommonspot_content_serverMatch8.0.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| paperthin | commonspot_content_server | * | cpe:2.3:a:paperthin:commonspot_content_server:*:*:*:*:*:*:*:* |
| paperthin | commonspot_content_server | 8.0.0 | cpe:2.3:a:paperthin:commonspot_content_server:8.0.0:*:*:*:*:*:*:* |
| paperthin | commonspot_content_server | 8.0.1 | cpe:2.3:a:paperthin:commonspot_content_server:8.0.1:*:*:*:*:*:*:* |
| paperthin | commonspot_content_server | 8.0.2 | cpe:2.3:a:paperthin:commonspot_content_server:8.0.2:*:*:*:*:*:*:* |
References
Related
prion
prion
Design/Logic Flaw
2014-04-15 23:13:00
nvd
nvd
CVE-2014-2865
2014-04-15 23:13:17
cvelist
cvelist
CVE-2014-2865
2014-04-15 23:00:00
nessus
nessus
CommonSpot < 7.0.2 / 8.0.3 / 9.0.0 Multiple Vulnerabilities
2014-04-18 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.9
Confidence
Low
EPSS
0.006
Percentile
78.9%
Related for CVE-2014-2865