CVE-2014-6309

Опубликовано: 12 апр. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The HTTP and WebSocket engine components in the server in Kaazing Gateway 4.0.2, 4.0.3, and 4.0.4 and Gateway - JMS Edition 4.0.2, 4.0.3, and 4.0.4 allow remote attackers to obtain sensitive information via vectors related to HTTP request handling.

Ссылки

https://support.kaazing.com/hc/en-us/articles/115004550547-Advisory-for-KGS-879
Broken Link
Vendor Advisory
https://support.tenefit.com/hc/en-us/articles/115004550547-Advisory-for-KGS-879
Vendor Advisory
https://support.kaazing.com/hc/en-us/articles/115004550547-Advisory-for-KGS-879
Broken Link
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tenefit:kaazing_websocket_gateway:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:tenefit:kaazing_websocket_gateway:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:tenefit:kaazing_websocket_gateway:4.0.4:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:tenefit:kaazing_websocket_gateway:4.0.2:*:*:*:jms:*:*:*

cpe:2.3:a:tenefit:kaazing_websocket_gateway:4.0.3:*:*:*:jms:*:*:*

cpe:2.3:a:tenefit:kaazing_websocket_gateway:4.0.4:*:*:*:jms:*:*:*

EPSS

Процентиль: 47%

0.00237

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-9p8j-65xj-2v6x