Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2865


Vulnerability Score 7.5 7.5
CVE Id CVE-2014-2865
Last Modified 16 Apr 2014 10:20:16
Published 15 Apr 2014 07:13:17
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a '\0' character, as demonstrated by using this character within a pathname on the drive containing the web root directory of a ColdFusion installation.

Vulnerable Systems


  • Paperthin Commonspot Content Server 7.0.1

  • Paperthin Commonspot Content Server 8.0.0

  • Paperthin Commonspot Content Server 8.0.1

  • Paperthin Commonspot Content Server 8.0.2


CERT-VN - VU#437385

Last Updated: 27 May 2016 11:05:00