Home  >  CVE-2014-6255
CVE Details for CVE: CVE-2014-6255
Summary
Open redirect vulnerability in the login form in Zenoss Core before 4.2.5 SP161 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the came_from parameter, aka ZEN-11998.
Timestamps
Last major update 21-03-2016 - 15:43
Published 15-12-2014 - 18:59
Last modified 21-03-2016 - 15:43
References
Vulnerable Configurations
  • cpe:2.3:a:zenoss:zenoss_core:2.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:2.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:2.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:2.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:2.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:2.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:4.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:4.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:3.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:3.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:3.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:4.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:-:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:-:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:4.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:4.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:3.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:4.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:4.2.3:*:*:*:*:*:*:*
CAPEC
Click the CAPEC title to display a description
CWE
NVD-CWE-Other
CVSS
Base
6.4
Impact
4.9
Exploitability
10.0
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
CVSS3
None
VIA4 references
cvss-vector via4
AV:N/AC:L/Au:N/C:P/I:P/A:N
refmap via4
cert-vn VU#449452
confirm https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing
statements via4
contributor Zenoss
lastmodified 2016-03-21
organization Zenoss
statement Addressed in versions 5.0, 4.2.5.SP167, and 4.2.4.SP555