Lucene search

[email protected]CVE-2014-6255

HistoryDec 15, 2014 - 6:59 p.m.

CVE-2014-6255

2014-12-1518:59:08

[email protected]

web.nvd.nist.gov

cve-2014-6255

open redirect vulnerability

zenoss core

security

nvd

phishing attacks

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.9%

JSON

Open redirect vulnerability in the login form in Zenoss Core before 4.2.5 SP161 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the came_from parameter, aka ZEN-11998.

Affected configurations

NVD

Node

zenosszenoss_coreRange≤4.2.5

zenosszenoss_coreMatch2.4.0

zenosszenoss_coreMatch2.4.5

zenosszenoss_coreMatch2.5.0

zenosszenoss_coreMatch2.5.1

zenosszenoss_coreMatch2.5.2

zenosszenoss_coreMatch3.0.0

zenosszenoss_coreMatch3.0.1

zenosszenoss_coreMatch3.0.2

zenosszenoss_coreMatch3.0.3

zenosszenoss_coreMatch3.1.0

zenosszenoss_coreMatch3.2.0

zenosszenoss_coreMatch3.2.1

zenosszenoss_coreMatch4.2.0

zenosszenoss_coreMatch4.2.3

zenosszenoss_coreMatch4.2.4

CPENameOperatorVersion
zenoss:zenoss_corezenoss zenoss corele4.2.5
zenoss:zenoss_corezenoss zenoss coreeq2.4.0
zenoss:zenoss_corezenoss zenoss coreeq2.4.5
zenoss:zenoss_corezenoss zenoss coreeq2.5.0
zenoss:zenoss_corezenoss zenoss coreeq2.5.1
zenoss:zenoss_corezenoss zenoss coreeq2.5.2
zenoss:zenoss_corezenoss zenoss coreeq3.0.0
zenoss:zenoss_corezenoss zenoss coreeq3.0.1
zenoss:zenoss_corezenoss zenoss coreeq3.0.2
zenoss:zenoss_corezenoss zenoss coreeq3.0.3

CPE	Name	Operator	Version
zenoss:zenoss_core	zenoss zenoss core	le	4.2.5
zenoss:zenoss_core	zenoss zenoss core	eq	2.4.0
zenoss:zenoss_core	zenoss zenoss core	eq	2.4.5
zenoss:zenoss_core	zenoss zenoss core	eq	2.5.0
zenoss:zenoss_core	zenoss zenoss core	eq	2.5.1
zenoss:zenoss_core	zenoss zenoss core	eq	2.5.2
zenoss:zenoss_core	zenoss zenoss core	eq	3.0.0
zenoss:zenoss_core	zenoss zenoss core	eq	3.0.1
zenoss:zenoss_core	zenoss zenoss core	eq	3.0.2
zenoss:zenoss_core	zenoss zenoss core	eq	3.0.3

Rows per page:

1-10 of 161

References

www.kb.cert.org/vuls/id/449452

docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.9%

JSON

Related for CVE-2014-6255

prion1 cvelist1 nvd1 cert1