Lucene search

MitreCVE-2014-10079

HistoryFeb 23, 2019 - 2:29 p.m.

CVE-2014-10079

2019-02-2314:29:00

CWE-200

mitre

web.nvd.nist.gov

vembu storegrid

web interface

ip address disclosure

html

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.002

Percentile

61.7%

JSON

In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the “ipaddress” hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash.

Affected configurations

Nvd

Node

vembustoregridMatch4.4

VendorProductVersionCPE
vembustoregrid4.4cpe:2.3:a:vembu:storegrid:4.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vembu	storegrid	4.4	cpe:2.3:a:vembu:storegrid:4.4:::::::*

References

cxsecurity.com/issue/WLB-2018120091

packetstormsecurity.com/files/127786/Vembu-Backup-Disaster-Recovery-6.1-Follow-Up.html

seclists.org/fulldisclosure/2014/Aug/8

www.exploit-db.com/exploits/46549/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.002

Percentile

61.7%

JSON

Related for CVE-2014-10079