Lucene search

[email protected]NVD:CVE-2014-9006

HistoryNov 20, 2014 - 1:55 p.m.

CVE-2014-9006

2014-11-2013:55:16

CWE-255

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.8%

JSON

Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values.

Affected configurations

NVD

Node

monstramonstraRange≤3.0.1

References

packetstormsecurity.com/files/129082/Monstra-3.0.1-Bruteforce-Mitigation-Bypass.html

exchange.xforce.ibmcloud.com/vulnerabilities/98649

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.8%

JSON

Related for NVD:CVE-2014-9006

cve1 packetstorm1 cvelist1 prion1