Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end in with HTTP/1.0 or another version string, which causes the information to be leaked in the error message.
Threat-Mapped Scoring
Score: 3.0
Priority: P2 - Serious (High)
S1 – Steal Customer Account Information
EPSS
Score: 0.06466Percentile:
0.9064
CVSS Scoring
CVSS v2 Score: 5.0
Severity:
Affected Products
cpe:2.3:a:cacheflow:cacheos:0.0:*:*:*:*:*:*:*
cpe:2.3:a:cacheflow:cacheos:3.1.02:*:*:*:*:*:*:*
cpe:2.3:a:cacheflow:cacheos:3.1.03:*:*:*:*:*:*:*
cpe:2.3:a:cacheflow:cacheos:3.1.04:*:*:*:*:*:*:*
cpe:2.3:a:cacheflow:cacheos:3.1.05:*:*:*:*:*:*:*
cpe:2.3:a:cacheflow:cacheos:3.1.06:*:*:*:*:*:*:*
cpe:2.3:a:cacheflow:cacheos:3.1.07:*:*:*:*:*:*:*
cpe:2.3:a:cacheflow:cacheos:3.1.08:*:*:*:*:*:*:*
cpe:2.3:a:cacheflow:cacheos:3.1.09:*:*:*:*:*:*:*
cpe:2.3:a:cacheflow:cacheos:3.1.10:*:*:*:*:*:*:*
cpe:2.3:a:cacheflow:cacheos:3.1.11:*:*:*:*:*:*:*
cpe:2.3:a:cacheflow:cacheos:3.1.12:*:*:*:*:*:*:*
cpe:2.3:a:cacheflow:cacheos:3.1.13:*:*:*:*:*:*:*
cpe:2.3:a:cacheflow:cacheos:3.1.14:*:*:*:*:*:*:*
cpe:2.3:a:cacheflow:cacheos:3.1.15:*:*:*:*:*:*:*
cpe:2.3:a:cacheflow:cacheos:3.1.16:*:*:*:*:*:*:*
cpe:2.3:a:cacheflow:cacheos:3.1.17:*:*:*:*:*:*:*
cpe:2.3:a:cacheflow:cacheos:3.1.18:*:*:*:*:*:*:*
cpe:2.3:a:cacheflow:cacheos:3.1.19:*:*:*:*:*:*:*
cpe:2.3:a:cacheflow:cacheos:3.1.20:*:*:*:*:*:*:*
cpe:2.3:a:cacheflow:cacheos:4.0.11:*:*:*:*:*:*:*
cpe:2.3:a:cacheflow:cacheos:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:cacheflow:cacheos:4.0.13:*:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me