What is CVE-2014-5468?

CVE-2014-5468 is a vulnerability in N/a. Published 2020-02-07.

Is CVE-2014-5468 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2014-5468

A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbi…

EPSS: 0.653 (98.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

packetstormsecurity.com/files/128234/Railo-4.2.1-Remote-File-Inclusion.html (x_refsource_MISC)
www.exploit-db.com/exploits/34669 (x_refsource_MISC)
exchange.xforce.ibmcloud.com/vulnerabilities/95959 (x_refsource_MISC)
www.securityfocus.com/bid/69761 (x_refsource_MISC)
vulmon.com/vulnerabilitydetails (x_refsource_MISC)

Frequently asked questions

What is CVE-2014-5468?: CVE-2014-5468 is a vulnerability in N/a. Published 2020-02-07.
Is CVE-2014-5468 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.