CVE-2015-0969 : SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the

SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI.

Published 2015-04-18 02:00:07

Updated 2015-04-20 17:45:43

Source CERT/CC

View at NVD, CVE.org

Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2015-0969

Probability of exploitation activity in the next 30 days: 0.83%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 80 % EPSS Score History EPSS FAQ

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

Searchblox » Searchblox
Versions up to, including, (<=) 8.1
cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:*
Matching versions