CVSS: 5.0EPSS: 0%CPEs: 38EXPL: 0CVE-2014-2857
https://notcve.org/view.php?id=CVE-2014-2857
The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 does not properly restrict access to files in the META-INF directory, which allows remote attackers to obtain sensitive information via a direct request. NOTE: this issue was SPLIT from CVE-2014-0053 due to different researchers per ADT5. La configuración por defecto del plugin Resources 1.0.0 anterior a 1.2.6 para Pivotal Grails 2.0.0 hasta 2.3.6 no restringe debidamente acceso a archivos en el directorio META-INF, lo que permite a atacantes remotos obtener información sensible a través de una solicitud directa. NOTA: este problema fue dividido (SPLIT) de CVE-2014-0053 debido a investigadores diferentes por ADT5. • http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0267.html http://www.gopivotal.com/security/cve-2014-0053 http://www.securityfocus.com/archive/1/531281/100/0/threaded • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 38EXPL: 0CVE-2014-2858
https://notcve.org/view.php?id=CVE-2014-2858
Directory traversal vulnerability in the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 allows remote attackers to obtain sensitive information via unspecified vectors related to a "configured block." NOTE: this issue was SPLIT from CVE-2014-0053 per ADT2 due to different vulnerability types. Vulnerabilidad de salto de directorio en el plugin Resources 1.0.0 anterior a 1.2.6 para Pivotal Grails 2.0.0 hasta 2.3.6 permite a atacantes remotos obtener información sensible a través de vectores desconocidos relacionados con un "bloque configurado." NOTA: este problema fue dividido (SPLIT) de CVE-2014-0053 por ADT2 debido a diferentes tipos de vulnerabilidades. • http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0267.html http://www.gopivotal.com/security/cve-2014-0053 http://www.securityfocus.com/archive/1/531281/100/0/threaded • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 0%CPEs: 37EXPL: 0CVE-2014-0053
https://notcve.org/view.php?id=CVE-2014-0053
The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 before 2.3.6 does not properly restrict access to files in the WEB-INF directory, which allows remote attackers to obtain sensitive information via a direct request. NOTE: this identifier has been SPLIT due to different researchers and different vulnerability types. See CVE-2014-2857 for the META-INF variant and CVE-2014-2858 for the directory traversal. La configuración por defecto del plugin Resources 1.0.0 anterior a 1.2.6 para Pivotal Grails 2.0.0 anterior a 2.3.6 no restringe correctamente el acceso a archivos en el directorio WEB-INF, lo que permite a atacantes remotos obtener información sensible a través de una petición directa. NOTA: este identificador ha sido dividido (SPLIT) debido a diferentes investigadores y diferentes tipos de vulnerabilidades. • http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0194.html http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0267.html http://secunia.com/advisories/56841 http://www.gopivotal.com/security/cve-2014-0053 http://www.securityfocus.com/archive/1/531281/100/0/threaded http://www.securityfocus.com/bid/65678 https://exchange.xforce.ibmcloud.com/vulnerabilities/91270 https://twitter.com/Ramsharan065/status/434975409134792704 • CWE-264: Permissions, Privileges, and Access Controls •