CVE-2014-2352
published 2014-05-30CVE-2014-2352: The directory specifier can include designators that can be used to traverse the directory path. Exploiting this vulnerability may enable an attacker to access…
PriorityP429medium6.4CVSS 2.0
AVNACLAuNCPINAP
EPSS
2.31%
81.2th percentile
The directory specifier can include designators that can be used to
traverse the directory path. Exploiting this vulnerability may enable an
attacker to access a limited number of hardcoded file types. Further
exploitation of this vulnerability may allow an attacker to cause the
web server component to enter a denial-of-service condition.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cogent | datahub | < 7.3.5 | 7.3.5 |
| cogentdatahub | cogent_datahub | <= 7.3.4 | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Cogent DataHub Vulnerabilities
cisa_ics·2018-09-06
Cogent DataHub Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Cogent DataHub Vulnerabilities
Last RevisedSeptember 06, 2018
Alert CodeICSA-14-149-02
## OVERVIEW
Independent researcher Alain Homewood has identified four vulnerabilities in the Cogent Real-Time Systems DataHub application. Cogent Real-Time Systems has produced a new version that mitigates three of the four identified vulnerabilities; they have recommended a mitigation for the unresolved vulnerability. The researcher has tested the new version to validate that it resolves three of the four vulnerabilities.
Three of the identified vulnerabilities could be exploited remotely.
GHSA
GHSA-76vr-x382-ppf5: Directory traversal vulnerability in Cogent DataHub before 7
ghsa_unreviewed·2022-05-17
CVE-2014-2352 [MEDIUM] CWE-22 GHSA-76vr-x382-ppf5: Directory traversal vulnerability in Cogent DataHub before 7
Directory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arbitrary files of unspecified types, or cause a web-server denial of service, via a crafted pathname.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2014-05-30
Published