CVE-2014-0115

CWE-22 — Path Traversal5 documents5 sources

Severity

7.5HIGH

EPSS

0.7%

top 28.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Storm

Timeline

PublishedOct 30

Latest updateMay 17

Description

Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶Mavenorg.apache.storm:storm0.9.0.1

▶NVDapache/storm0.9.0.1

Patches

Patch: issues.apache.org ↗Patch: issues.apache.org ↗

🔴Vulnerability Details

OSV

Apache Storm log viewer path traversal vulnerability↗2022-05-17

▶

GHSA

Apache Storm log viewer path traversal vulnerability↗2022-05-17

▶

CVEList

CVE-2014-0115: Directory traversal vulnerability in the log viewer in Apache Storm 0↗2017-10-30

▶

💬Community

Bugzilla

CVE-2014-3575 openoffice: Arbitrary file disclosure via crafted OLE objects↗2014-09-05

▶