CVE-2014-6255

Published: Dec 15, 2014Modified: May 6, 2026

6.4

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability: 10.0 / Impact: 4.9

Source: NVD

Description

Open redirect vulnerability in the login form in Zenoss Core before 4.2.5 SP161 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the came_from parameter, aka ZEN-11998.

Affected (16)

Products: Zenoss: Zenoss Core

Zenoss

1 product

Zenoss Core

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Zenoss Zenoss Core	Up to 4.2.5
Zenoss Zenoss Core	Version 2.4.0
Zenoss Zenoss Core	Version 2.4.5
Zenoss Zenoss Core	Version 2.5.0
Zenoss Zenoss Core	Version 2.5.1
Zenoss Zenoss Core	Version 2.5.2
Zenoss Zenoss Core	Version 3.0.0
Zenoss Zenoss Core	Version 3.0.1
Zenoss Zenoss Core	Version 3.0.2
Zenoss Zenoss Core	Version 3.0.3
Zenoss Zenoss Core	Version 3.1.0
Zenoss Zenoss Core	Version 3.2.0
Zenoss Zenoss Core	Version 3.2.1
Zenoss Zenoss Core	Version 4.2.0
Zenoss Zenoss Core	Version 4.2.3
Zenoss Zenoss Core	Version 4.2.4

References (4)

http://www.kb.cert.org/vuls/id/449452

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing

Source: cve@mitre.org

Vendor Advisory

http://www.kb.cert.org/vuls/id/449452

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.