Main Vulnerability Database Exploits ID:3845 - Exploit for Information disclosure in MODX Revolution - CVE-2014-8775

ID:3845 - Exploit for Information disclosure in MODX Revolution - CVE-2014-8775

Published: August 9, 2020

Vulnerability identifier: #VU41040

Vulnerability risk: Medium

CVE-ID: CVE-2014-8775

CWE-ID: CWE-200

Exploitation vector: Remote access

Vulnerable software:
MODX Revolution

Link to public exploit:

https://www.exploit-db.com/exploits/35159/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Remediation

Install update from vendor's website.

ID:3845 - Exploit for Information disclosure in MODX Revolution - CVE-2014-8775

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human