CVE-2014-2871

Published: Apr 15, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on an HTTP session for entering credentials on login pages, which allows remote attackers to obtain sensitive information by sniffing the network.

Affected (4)

Products: Paperthin: Commonspot Content Server

Paperthin

1 product

Commonspot Content Server

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Paperthin Commonspot Content Server	Up to 7.0.1
Paperthin Commonspot Content Server	Version 8.0.0
Paperthin Commonspot Content Server	Version 8.0.1
Paperthin Commonspot Content Server	Version 8.0.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

http://www.kb.cert.org/vuls/id/437385

Source: cve@mitre.org

US Government Resource

http://www.kb.cert.org/vuls/id/437385

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.