{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2014-125056","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2023-01-07T09:05:25.876Z","datePublished":"2023-01-07T09:06:06.990Z","dateUpdated":"2024-08-06T14:10:56.644Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2023-10-20T06:22:46.501Z"},"title":"Pylons horus services.py timing discrepancy","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-208","lang":"en","description":"CWE-208 Observable Timing Discrepancy"}]}],"affected":[{"vendor":"Pylons","product":"horus","versions":[{"version":"n/a","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. It is recommended to apply a patch to fix this issue. VDB-217598 is the identifier assigned to this vulnerability."},{"lang":"de","value":"Eine Schwachstelle wurde in Pylons horus gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei horus/flows/local/services.py. Durch das Manipulieren mit unbekannten Daten kann eine observable timing discrepancy-Schwachstelle ausgenutzt werden. Die Komplexität eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Patch wird als fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec bezeichnet. Als bestmögliche Massnahme wird Patching empfohlen."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":2.6,"vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":2.6,"vectorString":"CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":1.4,"vectorString":"AV:A/AC:H/Au:S/C:P/I:N/A:N"}}],"timeline":[{"time":"2023-01-07T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2023-01-07T00:00:00.000Z","lang":"en","value":"CVE reserved"},{"time":"2023-01-07T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2023-01-29T16:47:42.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"VulDB GitHub Commit Analyzer","type":"tool"}],"references":[{"url":"https://vuldb.com/?id.217598","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.217598","tags":["signature","permissions-required"]},{"url":"https://github.com/Pylons/horus/commit/fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec","tags":["patch"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-18T18:16:06.245546Z","id":"CVE-2014-125056","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-18T18:16:12.800Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-06T14:10:56.644Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.217598","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.217598","tags":["signature","permissions-required","x_transferred"]},{"url":"https://github.com/Pylons/horus/commit/fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec","tags":["patch","x_transferred"]}]}]}}