CVE-2014-3207

Published May 8, 2014

Last updated 11 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sks_keyserver_project:sks_keyserver:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48F016D6-A3D6-4711-8F37-461571D3FD68",
            "versionEndIncluding": "1.1.4"
          },
          {
            "criteria": "cpe:2.3:a:sks_keyserver_project:sks_keyserver:0.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8584DEF-5884-4DF3-8AE5-4332D0B184A0"
          },
          {
            "criteria": "cpe:2.3:a:sks_keyserver_project:sks_keyserver:0.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23403D8A-F645-4903-9060-74A32C3DF013"
          },
          {
            "criteria": "cpe:2.3:a:sks_keyserver_project:sks_keyserver:0.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9231329F-61F3-4EF7-A68C-5DB510FF49A7"
          },
          {
            "criteria": "cpe:2.3:a:sks_keyserver_project:sks_keyserver:0.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "793CF0F6-F334-4500-BA49-F1C79F936ABE"
          },
          {
            "criteria": "cpe:2.3:a:sks_keyserver_project:sks_keyserver:1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB6E81E5-A3FD-4F4D-8C8E-804D282D03FA"
          },
          {
            "criteria": "cpe:2.3:a:sks_keyserver_project:sks_keyserver:1.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC802D6A-5467-4046-ACFA-ED2EF6378230"
          },
          {
            "criteria": "cpe:2.3:a:sks_keyserver_project:sks_keyserver:1.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D474C98-4AFA-41DC-8FE2-3A323F4CCFAA"
          },
          {
            "criteria": "cpe:2.3:a:sks_keyserver_project:sks_keyserver:1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6998DFA8-1F12-44C7-8A43-A0A7DE5AE79F"
          },
          {
            "criteria": "cpe:2.3:a:sks_keyserver_project:sks_keyserver:1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE028977-3D26-4D8D-97B8-DAED98B29370"
          },
          {
            "criteria": "cpe:2.3:a:sks_keyserver_project:sks_keyserver:1.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6C25434-2108-408E-978E-954D5DB79C0E"
          },
          {
            "criteria": "cpe:2.3:a:sks_keyserver_project:sks_keyserver:1.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C5CA2FE-5538-4C23-9C72-12BC7B68DB17"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References