Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-3739

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2014-3739
Last Modified 21 May 2014 06:07:29
Published 20 May 2014 10:55:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-3739

Summary

Open redirect vulnerability in zport/acl_users/cookieAuthHelper/login_form in Zenoss 4.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the came_from parameter.

Vulnerable Systems

Application

  • Zenoss 4.2.5


References

MISC - https://www.youtube.com/watch?v=wtmdsz24evo

BID - 67396

MLIST - [oss-security] 20140514 Re: Zenoss Open Source monitoring System - Open Redirect & Stored XSS Vulnerabilities

MLIST - [oss-security] 20140514 Zenoss Open Source monitoring System - Open Redirect & Stored XSS Vulnerabilities


Last Updated: 27 May 2016 11:05:20