Lucene search

K
cve[email protected]CVE-2014-3862
HistorySep 02, 2014 - 10:55 a.m.

CVE-2014-3862

2014-09-0210:55:04
CWE-200
web.nvd.nist.gov
19
cve-2014-3862
cda.xsl
hl7
c-cda 1.1
remote attackers
information disclosure

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.5%

CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log.

Affected configurations

NVD
Node
hl7c-cdaRange1.1
CPENameOperatorVersion
hl7:c-cdahl7 c-cdale1.1

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.5%

Related for CVE-2014-3862