CVE-2014-2227
N/A
N/A
Summary
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://seclists.org/fulldisclosure/2014/Jul/128
- http://sethsec.blogspot.com/2014/07/cve-2014-2227.html
- http://www.securityfocus.com/bid/68866
References
- http://seclists.org/fulldisclosure/2014/Jul/128
- http://sethsec.blogspot.com/2014/07/cve-2014-2227.html
- http://www.securityfocus.com/bid/68866
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.