In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash.
References
Link | Resource |
---|---|
https://cxsecurity.com/issue/WLB-2018120091 | Exploit Third Party Advisory |
https://packetstormsecurity.com/files/127786/Vembu-Backup-Disaster-Recovery-6.1-Follow-Up.html | Third Party Advisory VDB Entry |
https://seclists.org/fulldisclosure/2014/Aug/8 | Mailing List Third Party Advisory |
https://www.exploit-db.com/exploits/46549/ | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-02-23T14:00:00
Updated: 2019-03-16T09:57:01
Reserved: 2019-02-23T00:00:00
Link: CVE-2014-10079
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-02-23T14:29:00.330
Modified: 2019-03-18T14:37:41.863
Link: CVE-2014-10079
JSON object: View
Redhat Information
No data.
CWE