PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on an HTTP session for entering credentials on login pages, which allows remote attackers to obtain sensitive information by sniffing the network.
References
Link | Resource |
---|---|
http://www.kb.cert.org/vuls/id/437385 | US Government Resource |
http://www.kb.cert.org/vuls/id/437385 | US Government Resource |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:07
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.kb.cert.org/vuls/id/437385 - US Government Resource |
Information
Published : 2014-04-15 23:13
Updated : 2024-11-21 02:07
NVD link : CVE-2014-2871
Mitre link : CVE-2014-2871
CVE.ORG link : CVE-2014-2871
JSON object : View
Products Affected
paperthin
- commonspot_content_server
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor