1. Home
  2. CVE Database
  3. CVE-2014-0053
MEDIUM · 5.0

CVE-2014-0053

The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 before 2.3.6 does not properly restrict access to files in the WEB-INF directory, which allows remote atta...

Vulnerability Description

The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 before 2.3.6 does not properly restrict access to files in the WEB-INF directory, which allows remote attackers to obtain sensitive information via a direct request. NOTE: this identifier has been SPLIT due to different researchers and different vulnerability types. See CVE-2014-2857 for the META-INF variant and CVE-2014-2858 for the directory traversal.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N
Confidentiality
PARTIAL
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
GopivotalGrails-Resources1.0.0
GopivotalGrails2.0.0

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2014-0053?

CVE-2014-0053 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 before 2.3.6 does not properly restrict access to files in the WEB-INF directory, which allows remote atta...

How severe is CVE-2014-0053?

CVE-2014-0053 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-0053?

Check the references section above for vendor advisories and patch information. Affected products include: Gopivotal Grails-Resources, Gopivotal Grails.