ByteOS Network

NVD Vulnerability Details :

CVE-2014-9245

Modified

Source-cret@cert.org

Published At-15 Dec, 2014 | 18:59

Updated At-06 May, 2026 | 22:30

Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trace, as demonstrated by internal URL information, aka ZEN-15382.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

zenoss>>zenoss_core>>Versions up to 5.0.0(inclusive)

cpe:2.3:a:zenoss:zenoss_core:*:beta_3:*:*:*:*:*:*

zenoss>>zenoss_core>>2.4.0

cpe:2.3:a:zenoss:zenoss_core:2.4.0:*:*:*:*:*:*:*

zenoss>>zenoss_core>>2.4.5

cpe:2.3:a:zenoss:zenoss_core:2.4.5:*:*:*:*:*:*:*

zenoss>>zenoss_core>>2.5.0

cpe:2.3:a:zenoss:zenoss_core:2.5.0:*:*:*:*:*:*:*

zenoss>>zenoss_core>>2.5.1

cpe:2.3:a:zenoss:zenoss_core:2.5.1:*:*:*:*:*:*:*

zenoss>>zenoss_core>>2.5.2

cpe:2.3:a:zenoss:zenoss_core:2.5.2:*:*:*:*:*:*:*

zenoss>>zenoss_core>>3.0.0

cpe:2.3:a:zenoss:zenoss_core:3.0.0:*:*:*:*:*:*:*

zenoss>>zenoss_core>>3.0.1

cpe:2.3:a:zenoss:zenoss_core:3.0.1:*:*:*:*:*:*:*

zenoss>>zenoss_core>>3.0.2

cpe:2.3:a:zenoss:zenoss_core:3.0.2:*:*:*:*:*:*:*

zenoss>>zenoss_core>>3.0.3

cpe:2.3:a:zenoss:zenoss_core:3.0.3:*:*:*:*:*:*:*

zenoss>>zenoss_core>>3.1.0

cpe:2.3:a:zenoss:zenoss_core:3.1.0:*:*:*:*:*:*:*

zenoss>>zenoss_core>>3.2.0

cpe:2.3:a:zenoss:zenoss_core:3.2.0:*:*:*:*:*:*:*

zenoss>>zenoss_core>>3.2.1

cpe:2.3:a:zenoss:zenoss_core:3.2.1:*:*:*:*:*:*:*

zenoss>>zenoss_core>>4.2.0

cpe:2.3:a:zenoss:zenoss_core:4.2.0:*:*:*:*:*:*:*

zenoss>>zenoss_core>>4.2.3

cpe:2.3:a:zenoss:zenoss_core:4.2.3:*:*:*:*:*:*:*

zenoss>>zenoss_core>>4.2.4

cpe:2.3:a:zenoss:zenoss_core:4.2.4:*:*:*:*:*:*:*

zenoss>>zenoss_core>>4.2.5

cpe:2.3:a:zenoss:zenoss_core:4.2.5:*:*:*:*:*:*:*

zenoss>>zenoss_core>>5.0.0

cpe:2.3:a:zenoss:zenoss_core:5.0.0:*:*:*:*:*:*:*

zenoss>>zenoss_core>>5.0.0

cpe:2.3:a:zenoss:zenoss_core:5.0.0:beta_1:*:*:*:*:*:*

zenoss>>zenoss_core>>5.0.0

cpe:2.3:a:zenoss:zenoss_core:5.0.0:beta_2:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-200	Primary	nvd@nist.gov

CWE ID: CWE-200

Type: Primary

Source: nvd@nist.gov

Vendor Statements

Organization : Zenoss

Last Modified : 2016-03-21T12:03:23.103

Addressed in 5.0. Will be addressed in next 425 maintenance release.

References

Hyperlink	Source	Resource
http://www.kb.cert.org/vuls/id/449452	cret@cert.org	Third Party Advisory US Government Resource
https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing	cret@cert.org	Vendor Advisory
http://www.kb.cert.org/vuls/id/449452	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory US Government Resource
https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory

Hyperlink: http://www.kb.cert.org/vuls/id/449452

Source: cret@cert.org

Resource:

Third Party Advisory

US Government Resource

Hyperlink: https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing

Source: cret@cert.org

Resource:

Vendor Advisory

Hyperlink: http://www.kb.cert.org/vuls/id/449452

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Third Party Advisory

US Government Resource

Hyperlink: https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History