PT-2019-7049 · Vembu · Vembu Storegrid

Gionathan Reale +1 · Published 2019-02-23 · Updated 2019-03-18 · CVE-2014-10079

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Vembu StoreGrid version 4.4.x

Description

The issue concerns the server web interface of Vembu StoreGrid, where the front page leaks the private IP address. This leak occurs due to incorrect processing of an index.php trailing slash, which discloses the private IP address in the ipaddress hidden form value of the HTML source code.

Recommendations

For Vembu StoreGrid version 4.4.x, consider modifying the index.php page to correctly process trailing slashes and remove the disclosure of the private IP address in the ipaddress hidden form value. As a temporary workaround, restrict access to the server web interface to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2014-10079

Affected Products

Vembu Storegrid