CVE-2014-2873

Published: Apr 15, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not require authentication for access to log files, which allows remote attackers to obtain sensitive server information by using a predictable name in a request for a file.

Affected (4)

Products: Paperthin: Commonspot Content Server

Paperthin

1 product

Commonspot Content Server

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Paperthin Commonspot Content Server	Up to 7.0.1
Paperthin Commonspot Content Server	Version 8.0.0
Paperthin Commonspot Content Server	Version 8.0.1
Paperthin Commonspot Content Server	Version 8.0.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

http://www.kb.cert.org/vuls/id/437385

Source: cve@mitre.org

US Government Resource

http://www.kb.cert.org/vuls/id/437385

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.