Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2014-2391
HistoryApr 17, 2014 - 8:00 p.m.

CVE-2014-2391

2014-04-1720:00:00
mitre
www.cve.org
1

6.4 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.9%

JSON

The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request.

Related

seebug 1
cve 1
prion 1
nvd 1
openvas 1
securityvulns 2
seebug
seebug
Open-Xchange AppSuite信息泄露漏洞
2014-04-14 00:00:00
cve
cve
CVE-2014-2391
2014-04-24 05:06:05
prion
prion
Input validation
2014-04-24 05:06:00
nvd
nvd
CVE-2014-2391
2014-04-24 05:06:05
openvas
openvas
Open-Xchange (OX) App Suite Multiple Security Bypass Vulnerabilities (Oct 2015)
2015-10-06 00:00:00
securityvulns
securityvulns
Open-Xchange security vulnerabilities
2014-05-05 00:00:00
Open-Xchange Security Advisory 2014-04-08
2014-05-05 00:00:00

6.4 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.9%

JSON
Related for CVELIST:CVE-2014-2391
seebug1cve1prion1nvd1openvas1securityvulns2