Lucene search

[email protected]CVE-2014-3862

HistorySep 02, 2014 - 10:55 a.m.

CVE-2014-3862

2014-09-0210:55:04

CWE-200

[email protected]

web.nvd.nist.gov

cve-2014-3862

cda.xsl

hl7

c-cda 1.1

remote attackers

information disclosure

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

74.4%

JSON

CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log.

Affected configurations

NVD

Node

hl7c-cdaRange≤1.1

CPENameOperatorVersion
hl7:c-cdahl7 c-cdale1.1

CPE	Name	Operator	Version
hl7:c-cda	hl7 c-cda	le	1.1

References

gforge.hl7.org/gf/project/strucdoc/frs/?action=FrsReleaseView&release_id=1088

motorcycleguy.blogspot.com/2014/04/hl7-cda-stylesheet-patches.html

smartplatforms.org/2014/04/security-vulnerabilities-in-ccda-display/

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

74.4%

JSON

Related for CVE-2014-3862

prion1 nvd1 cvelist1