CVE-2014-2873

CommonSpot Content Server < 7.0.2 and 8.x < 8.0.3 - Unauthenticated Sensitive Information Exposure via Log File Access

Title source: llm
STIX 2.1

Description

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not require authentication for access to log files, which allows remote attackers to obtain sensitive server information by using a predictable name in a request for a file.

References (1)

Core 1
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/437385

Scores

EPSS 0.0209
EPSS Percentile 79.3%

Details

CWE
CWE-200
Status published
Products (4)
paperthin/commonspot_content_server 8.0.0
paperthin/commonspot_content_server 8.0.1
paperthin/commonspot_content_server 8.0.2
paperthin/commonspot_content_server < 7.0.1
Published Apr 15, 2014
Tracked Since Feb 18, 2026