CVE-2014-1930

Sažetak

Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.

Reference

http://jvn.jp/vu/JVNVU97441356/index.html
http://osvdb.org/102814
http://osvdb.org/102815
http://www.kb.cert.org/vuls/id/566894
http://www.securityfocus.com/bid/65305
http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

21-02-2014 - 05:06

Objavljeno

10-02-2014 - 22:55