CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-0115

Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 70.2%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 7.8

References

https://issues.apache.org/jira/browse/STORM-269
https://mail-archives.apache.org/mod_mbox/storm-dev/201404.mbox/%3CJIRA.12704141.1395964296891.201561.1398799995645%40arcas%3E
https://issues.apache.org/jira/browse/STORM-269
https://mail-archives.apache.org/mod_mbox/storm-dev/201404.mbox/%3CJIRA.12704141.1395964296891.201561.1398799995645%40arcas%3E

Products affected by CVE-2014-0115

Apache » Storm » Version: 0.9.0.1

cpe:2.3:a:apache:storm:0.9.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-0115

Products

Pricing

Contact Us