Vulnerability Description
In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vembu | Storegrid | 4.4 |
Related Weaknesses (CWE)
References
- https://cxsecurity.com/issue/WLB-2018120091ExploitThird Party Advisory
- https://packetstormsecurity.com/files/127786/Vembu-Backup-Disaster-Recovery-6.1-Third Party AdvisoryVDB Entry
- https://seclists.org/fulldisclosure/2014/Aug/8Mailing ListThird Party Advisory
- https://www.exploit-db.com/exploits/46549/ExploitThird Party AdvisoryVDB Entry
- https://cxsecurity.com/issue/WLB-2018120091ExploitThird Party Advisory
- https://packetstormsecurity.com/files/127786/Vembu-Backup-Disaster-Recovery-6.1-Third Party AdvisoryVDB Entry
- https://seclists.org/fulldisclosure/2014/Aug/8Mailing ListThird Party Advisory
- https://www.exploit-db.com/exploits/46549/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2014-10079?
CVE-2014-10079 is a vulnerability with a CVSS score of 5.3 (MEDIUM). In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect ...
How severe is CVE-2014-10079?
CVE-2014-10079 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-10079?
Check the references section above for vendor advisories and patch information. Affected products include: Vembu Storegrid.