CVE-2014-10079
Summary
| CVE | CVE-2014-10079 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-02-23 14:29:00 UTC |
| Updated | 2019-03-18 14:37:00 UTC |
| Description | In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Vembu Backup / Disaster Recovery 6.1 Follow Up ≈ Packet Storm | MISC | packetstormsecurity.com | Third Party Advisory, VDB Entry |
| CXSecurity - IDS | MISC | cxsecurity.com | Exploit, Third Party Advisory |
| Full Disclosure: [CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities] | MISC | seclists.org | Mailing List, Third Party Advisory |
| Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities - PHP webapps Exploit | EXPLOIT-DB | www.exploit-db.com | Exploit, Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.