Lucene search

[email protected]NVD:CVE-2014-5269

HistorySep 04, 2014 - 5:55 p.m.

CVE-2014-5269

2014-09-0417:55:06

CWE-264

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.0%

JSON

Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static.

Affected configurations

NVD

Node

plack_projectplackRange≤1.0030

References

api.metacpan.org/source/MIYAGAWA/Plack-1.0031/Changes

lists.fedoraproject.org/pipermail/package-announce/2014-August/137099.html

lists.fedoraproject.org/pipermail/package-announce/2014-August/137115.html

seclists.org/oss-sec/2014/q3/384

www.osvdb.org/109928

github.com/avar/Plack/commit/bc1731dbb53850c380875ad683cd87c8ec99eee3

github.com/plack/Plack/issues/405

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.0%

JSON

Related for NVD:CVE-2014-5269

nessus5 ubuntucve1 cvelist1 openvas4 fedora2 debian1 debiancve1 cve1 mageia1 osv1 securityvulns2 prion1