CVE-2014-125056 (GCVE-0-2014-125056)
Vulnerability from cvelistv5 – Published: 2023-01-07 09:06 – Updated: 2024-08-06 14:10
VLAI?
Summary
A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. It is recommended to apply a patch to fix this issue. VDB-217598 is the identifier assigned to this vulnerability.
Severity ?
CWE
- CWE-208 - Observable Timing Discrepancy
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Credits
VulDB GitHub Commit Analyzer
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2014-125056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T18:16:06.245546Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T18:16:12.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:10:56.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.217598"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.217598"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/Pylons/horus/commit/fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "horus",
"vendor": "Pylons",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. It is recommended to apply a patch to fix this issue. VDB-217598 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Pylons horus gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei horus/flows/local/services.py. Durch das Manipulieren mit unbekannten Daten kann eine observable timing discrepancy-Schwachstelle ausgenutzt werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Patch wird als fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.4,
"vectorString": "AV:A/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208 Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T06:22:46.501Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.217598"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.217598"
},
{
"tags": [
"patch"
],
"url": "https://github.com/Pylons/horus/commit/fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-01-07T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-01-07T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-01-29T16:47:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "Pylons horus services.py timing discrepancy"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2014-125056",
"datePublished": "2023-01-07T09:06:06.990Z",
"dateReserved": "2023-01-07T09:05:25.876Z",
"dateUpdated": "2024-08-06T14:10:56.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pylonsproject:horus:*:*:*:*:*:pyramid:*:*\", \"versionEndExcluding\": \"2014-05-07\", \"matchCriteriaId\": \"372FD3F7-ACDE-4A93-98D6-6D2B9B1052C0\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. It is recommended to apply a patch to fix this issue. VDB-217598 is the identifier assigned to this vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad fue encontrada en Pylons horus y clasificada como problem\\u00e1tica. Una funci\\u00f3n desconocida del archivo horus/flows/local/services.py es afectada por este problema. La manipulaci\\u00f3n conduce a una discrepancia temporal observable. La complejidad de un ataque es bastante alta. Se sabe que la explotaci\\u00f3n es dif\\u00edcil. El parche se identifica como fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. Se recomienda aplicar un parche para solucionar este problema. VDB-217598 es el identificador asignado a esta vulnerabilidad.\"}]",
"id": "CVE-2014-125056",
"lastModified": "2024-11-21T02:03:41.767",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 2.6, \"baseSeverity\": \"LOW\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:H/Au:S/C:P/I:N/A:N\", \"baseScore\": 1.4, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 2.5, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2023-01-07T10:15:08.753",
"references": "[{\"url\": \"https://github.com/Pylons/horus/commit/fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec\", \"source\": \"cna@vuldb.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://vuldb.com/?ctiid.217598\", \"source\": \"cna@vuldb.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://vuldb.com/?id.217598\", \"source\": \"cna@vuldb.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/Pylons/horus/commit/fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://vuldb.com/?ctiid.217598\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://vuldb.com/?id.217598\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"cna@vuldb.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-208\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2014-125056\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2023-01-07T10:15:08.753\",\"lastModified\":\"2024-11-21T02:03:41.767\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. It is recommended to apply a patch to fix this issue. VDB-217598 is the identifier assigned to this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad fue encontrada en Pylons horus y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo horus/flows/local/services.py es afectada por este problema. La manipulaci\u00f3n conduce a una discrepancia temporal observable. La complejidad de un ataque es bastante alta. Se sabe que la explotaci\u00f3n es dif\u00edcil. El parche se identifica como fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. Se recomienda aplicar un parche para solucionar este problema. VDB-217598 es el identificador asignado a esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":2.6,\"baseSeverity\":\"LOW\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:H/Au:S/C:P/I:N/A:N\",\"baseScore\":1.4,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":2.5,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-208\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pylonsproject:horus:*:*:*:*:*:pyramid:*:*\",\"versionEndExcluding\":\"2014-05-07\",\"matchCriteriaId\":\"372FD3F7-ACDE-4A93-98D6-6D2B9B1052C0\"}]}]}],\"references\":[{\"url\":\"https://github.com/Pylons/horus/commit/fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?ctiid.217598\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?id.217598\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/Pylons/horus/commit/fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?ctiid.217598\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?id.217598\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://vuldb.com/?id.217598\", \"tags\": [\"vdb-entry\", \"technical-description\", \"x_transferred\"]}, {\"url\": \"https://vuldb.com/?ctiid.217598\", \"tags\": [\"signature\", \"permissions-required\", \"x_transferred\"]}, {\"url\": \"https://github.com/Pylons/horus/commit/fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec\", \"tags\": [\"patch\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-06T14:10:56.644Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2014-125056\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-18T18:16:06.245546Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-18T18:16:10.139Z\"}}], \"cna\": {\"title\": \"Pylons horus services.py timing discrepancy\", \"credits\": [{\"lang\": \"en\", \"type\": \"tool\", \"value\": \"VulDB GitHub Commit Analyzer\"}], \"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 2.6, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 2.6, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 1.4, \"vectorString\": \"AV:A/AC:H/Au:S/C:P/I:N/A:N\"}}], \"affected\": [{\"vendor\": \"Pylons\", \"product\": \"horus\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-01-07T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2023-01-07T00:00:00.000Z\", \"value\": \"CVE reserved\"}, {\"lang\": \"en\", \"time\": \"2023-01-07T01:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2023-01-29T16:47:42.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.217598\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/?ctiid.217598\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://github.com/Pylons/horus/commit/fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec\", \"tags\": [\"patch\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. It is recommended to apply a patch to fix this issue. VDB-217598 is the identifier assigned to this vulnerability.\"}, {\"lang\": \"de\", \"value\": \"Eine Schwachstelle wurde in Pylons horus gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei horus/flows/local/services.py. Durch das Manipulieren mit unbekannten Daten kann eine observable timing discrepancy-Schwachstelle ausgenutzt werden. Die Komplexit\\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Patch wird als fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec bezeichnet. Als bestm\\u00f6gliche Massnahme wird Patching empfohlen.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-208\", \"description\": \"CWE-208 Observable Timing Discrepancy\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2023-10-20T06:22:46.501Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2014-125056\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-06T14:10:56.644Z\", \"dateReserved\": \"2023-01-07T09:05:25.876Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2023-01-07T09:06:06.990Z\", \"assignerShortName\": \"VulDB\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…