Lucene search

K
nvd[email protected]NVD:CVE-2014-9006
HistoryNov 20, 2014 - 1:55 p.m.

CVE-2014-9006

2014-11-2013:55:16
CWE-255
web.nvd.nist.gov
6

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.003

Percentile

65.8%

Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values.

Affected configurations

Nvd
Node
monstramonstraRange3.0.1
VendorProductVersionCPE
monstramonstra*cpe:2.3:a:monstra:monstra:*:*:*:*:*:*:*:*

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.003

Percentile

65.8%

Related for NVD:CVE-2014-9006