51 matches found
CVE-2014-2858
Directory traversal vulnerability in the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 allows remote attackers to obtain sensitive information via unspecified vectors related to a "configured block." NOTE: this issue was SPLIT from CVE-2014-0053 per ADT2 due to...
CVE-2014-2857
The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 does not properly restrict access to files in the META-INF directory, which allows remote attackers to obtain sensitive information via a direct request. NOTE: this issue was SPLIT from...
Directory traversal
The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 before 2.3.6 does not properly restrict access to files in the WEB-INF directory, which allows remote attackers to obtain sensitive information via a direct request. NOTE: this identifier has been SPLIT...
Default configuration
The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 does not properly restrict access to files in the META-INF directory, which allows remote attackers to obtain sensitive information via a direct request. NOTE: this issue was SPLIT from...
Directory traversal
Directory traversal vulnerability in the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 allows remote attackers to obtain sensitive information via unspecified vectors related to a "configured block." NOTE: this issue was SPLIT from CVE-2014-0053 per ADT2 due to...
CVE-2014-0053
The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 before 2.3.6 does not properly restrict access to files in the WEB-INF directory, which allows remote attackers to obtain sensitive information via a direct request. NOTE: this identifier has been SPLIT...
CVE-2014-0053
CVE-2014-0053 affects Grails Resources plugin (versions 1.0.0–1.2.5) used with Grails 2.0.0–2.3.6. The default configuration fails to restrict access to files under /WEB-INF (and, per related entries, /META-INF) by default, enabling information disclosure via direct requests. The root cause inclu...
CVE-2014-2857
The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 does not properly restrict access to files in the META-INF directory, which allows remote attackers to obtain sensitive information via a direct request. NOTE: this issue was SPLIT from...
CVE-2014-2858
CVE-2014-2858 describes a directory traversal in the Grails Resources plugin (version 1.0.0 up to 1.2.5) for Grails 2.0.0–2.3.6. The issue allows remote attackers to obtain sensitive information via unspecified vectors related to a configured block (directory traversal bypass). Root cause: improp...
CVE-2014-2858
Directory traversal vulnerability in the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 allows remote attackers to obtain sensitive information via unspecified vectors related to a "configured block." NOTE: this issue was SPLIT from CVE-2014-0053 per ADT2 due to...
CVE-2014-2857
The CVE refers to the Grails Resources plugin (versions 1.0.0–1.2.5) used with Grails 2.0.0–2.3.6. Root cause: by default, the plugin does not restrict access to /WEB-INF or /META-INF, enabling information disclosure via direct requests. Affected configurations include the default setup; the issu...