Lucene search

K
cve[email protected]CVE-2014-3862
HistorySep 02, 2014 - 10:55 a.m.

CVE-2014-3862

2014-09-0210:55:04
CWE-200
web.nvd.nist.gov
19
cve-2014-3862
cda.xsl
hl7
c-cda 1.1
remote attackers
information disclosure

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

74.4%

CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log.

Affected configurations

NVD
Node
hl7c-cdaRange1.1
CPENameOperatorVersion
hl7:c-cdahl7 c-cdale1.1

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

74.4%

Related for CVE-2014-3862