CVE-2014-125056 Vulnerability Details

  /     /     /  

CVE-2014-125056 Metadata Quick Info

CVE Published: 07/01/2023 | CVE Updated: 06/08/2024 | CVE Year: 2014
Source: VulDB | Vendor: Pylons | Product: horus
Status : PUBLISHED

---

CVE-2014-125056 Description

A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. It is recommended to apply a patch to fix this issue. VDB-217598 is the identifier assigned to this vulnerability.

Metrics

CVSS Version: 3.1 | Base Score: 2.6 LOW
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-208
CWE Name: CWE-208 Observable Timing Discrepancy
Source: Pylons

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).