CVE-2014-2871

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on an HTTP session for entering credentials on login pages, which allows remote attackers to obtain sensitive information by sniffing the network.
References
Link Resource
http://www.kb.cert.org/vuls/id/437385 US Government Resource
http://www.kb.cert.org/vuls/id/437385 US Government Resource
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:paperthin:commonspot_content_server:*:*:*:*:*:*:*:*
cpe:2.3:a:paperthin:commonspot_content_server:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:paperthin:commonspot_content_server:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:paperthin:commonspot_content_server:8.0.2:*:*:*:*:*:*:*

History

21 Nov 2024, 02:07

Type Values Removed Values Added
References () http://www.kb.cert.org/vuls/id/437385 - US Government Resource () http://www.kb.cert.org/vuls/id/437385 - US Government Resource

Information

Published : 2014-04-15 23:13

Updated : 2024-11-21 02:07


NVD link : CVE-2014-2871

Mitre link : CVE-2014-2871

CVE.ORG link : CVE-2014-2871


JSON object : View

Products Affected

paperthin

  • commonspot_content_server
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor