NVD

Id
28996  
Name
CVE-2014-0053  
Description
The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 before 2.3.6 does not properly restrict access to files in the WEB-INF directory, which allows remote attackers to obtain sensitive information via a direct request. NOTE: this identifier has been SPLIT due to different researchers and different vulnerability types. See CVE-2014-2857 for the META-INF variant and CVE-2014-2858 for the directory traversal.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-19  
Published
2014-04-15  
Modified Date
2014-04-22  
Seq
2014-0053  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
152925 28996 CVE-2014-0053 20140219 CVE-2014-0053 Information Disclosure when using Grails  View
152926 28996 CVE-2014-0053 20140227 Update: CVE-2014-0053 Information Disclosure when using Grails  View
152927 28996 CVE-2014-0053 http://www.gopivotal.com/security/cve-2014-0053  View
152928 28996 CVE-2014-0053 20140227 Update: CVE-2014-0053 Information Disclosure when using Grails  View
152929 28996 CVE-2014-0053 65678  View
152930 28996 CVE-2014-0053 grails-cve20140053-info-disc(91270)  View
152931 28996 CVE-2014-0053 https://twitter.com/Ramsharan065/status/434975409134792704  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
13270 JVNDB-2014-002145 Pivotal Grails 用 Resources プラグインのデフォルト設定における重要な情報を取得される脆弱性 Pivotal Grails 用 Resources プラグインのデフォルト設定は、WEB-INF ディレクトリ内のファイルへのアクセスを適切に制限しないため、重要な情報を取得される脆弱性が存在します。 CVE-2014-0053 67454 CVE-2014-0053 28996 5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-002145.html 2014-02-19 2014-04-21 View