CVE-2025-29868

EPSS 0.41%
Veröffentlicht 01.04.2025 08:15:14
Zuletzt bearbeitet 15.04.2025 13:07:54
Quelle security@apache.org
Teams Watchlist Login
Unerledigt Login

Private Data Structure Returned From A Public Method vulnerability in Apache Answer.

This issue affects Apache Answer: through 1.4.2.

If a user uses an externally referenced image, when a user accesses this image, the provider of the image may obtain private information about the ip address of that accessing user.
Users are recommended to upgrade to version 1.4.5, which fixes the issue. In the new version, administrators can set whether external content can be displayed.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Answer Version <= 1.4.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.41%	0.607

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-495 Private Data Structure Returned From A Public Method

The product has a method that is declared public, but returns a reference to a private data structure, which could then be modified in unexpected ways.

https://lists.apache.org/thread/l7pohw5g03g3qsvrz8pqc9t29mdv5lhf

Vendor Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2025/04/01/2

Mailing List

http://www.openwall.com/lists/oss-security/2025/04/02/1

Mailing List

http://www.openwall.com/lists/oss-security/2025/04/10/3

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2025-29868

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-29868

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-29868

EUVD