CVE-2014-125056

A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. It is recommended to apply a patch to fix this issue. VDB-217598 is the identifier assigned to this vulnerability.

CVSS v3 2.6 LOW
CVSS v2.0 1.4 LOW

2.6^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

1.4^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:H/Au:S/C:P/I:N/A:N

Exploitability : 2.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/Pylons/horus/commit/fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec	Patch Third Party Advisory
https://vuldb.com/?ctiid.217598	Third Party Advisory VDB Entry
https://vuldb.com/?id.217598	Third Party Advisory VDB Entry
https://github.com/Pylons/horus/commit/fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec	Patch Third Party Advisory
https://vuldb.com/?ctiid.217598	Third Party Advisory VDB Entry
https://vuldb.com/?id.217598	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:pylonsproject:horus:*:*:*:*:*:pyramid:*:*

History

21 Nov 2024, 02:03

Type	Values Removed	Values Added
References	~~() https://github.com/Pylons/horus/commit/fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec - Patch, Third Party Advisory~~	() https://github.com/Pylons/horus/commit/fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec - Patch, Third Party Advisory
References	~~() https://vuldb.com/?ctiid.217598 - Third Party Advisory, VDB Entry~~	() https://vuldb.com/?ctiid.217598 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?id.217598 - Third Party Advisory, VDB Entry~~	() https://vuldb.com/?id.217598 - Third Party Advisory, VDB Entry
CVSS	v2 : ~~1.4~~ v3 : ~~5.3~~	v2 : 1.4 v3 : 2.6

29 Feb 2024, 01:14

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad fue encontrada en Pylons horus y clasificada como problemática. Una función desconocida del archivo horus/flows/local/services.py es afectada por este problema. La manipulación conduce a una discrepancia temporal observable. La complejidad de un ataque es bastante alta. Se sabe que la explotación es difícil. El parche se identifica como fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. Se recomienda aplicar un parche para solucionar este problema. VDB-217598 es el identificador asignado a esta vulnerabilidad.

Information

Published : 2023-01-07 10:15

Updated : 2024-11-21 02:03

NVD link : CVE-2014-125056

Mitre link : CVE-2014-125056

CVE.ORG link : CVE-2014-125056

JSON object : View

Products Affected

pylonsproject

horus

CWE

CWE-208

Observable Timing Discrepancy

{"id": "CVE-2014-125056", "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 1.4, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:H/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 2.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-01-07T10:15:08.753", "references": [{"url": "https://github.com/Pylons/horus/commit/fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec", "tags": ["Patch", "Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.217598", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.217598", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://github.com/Pylons/horus/commit/fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://vuldb.com/?ctiid.217598", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://vuldb.com/?id.217598", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-208"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. It is recommended to apply a patch to fix this issue. VDB-217598 is the identifier assigned to this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en Pylons horus y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo horus/flows/local/services.py es afectada por este problema. La manipulaci\u00f3n conduce a una discrepancia temporal observable. La complejidad de un ataque es bastante alta. Se sabe que la explotaci\u00f3n es dif\u00edcil. El parche se identifica como fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. Se recomienda aplicar un parche para solucionar este problema. VDB-217598 es el identificador asignado a esta vulnerabilidad."}], "lastModified": "2024-11-21T02:03:41.767", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pylonsproject:horus:*:*:*:*:*:pyramid:*:*", "vulnerable": true, "matchCriteriaId": "372FD3F7-ACDE-4A93-98D6-6D2B9B1052C0", "versionEndExcluding": "2014-05-07"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}

CVE-2014-125056

2.6 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

1.4 /10

Access Vector ADJACENT_NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2014-125056

2.6^/10

1.4^/10

Attach tags to `CVE-2014-125056`