Lucene search

K
cve[email protected]CVE-2017-6910
HistoryApr 12, 2018 - 3:29 p.m.

CVE-2017-6910

2018-04-1215:29:00
CWE-200
web.nvd.nist.gov
23
kaazing gateway
gateway-jms
security vulnerability
cve-2017-6910
http
websocket
remote attackers

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.2%

The HTTP and WebSocket engine components in the server in Kaazing Gateway before 4.5.3 hotfix-1, Gateway - JMS Edition before 4.0.5 hotfix-15, 4.0.6 before hotfix-4, 4.0.7, 4.0.9 before hotfix-19, 4.4.x before 4.4.2 hotfix-1, 4.5.x before 4.5.3 hotfix-1, and Gateway Community and Enterprise Editions before 5.6.0 allow remote attackers to bypass intended access restrictions and obtain sensitive information via vectors related to HTTP request handling.

Affected configurations

NVD
Node
kaazingkaazing_gatewayRange<4.5.3
OR
kaazingkaazing_gatewayMatch4.5.3
OR
kaazingkaazing_gatewayMatch4.5.3hotfix1
Node
kaazingkaazing_gatewayRange4.4.04.4.2hotfix1jms
OR
kaazingkaazing_gatewayRange4.5.04.5.3jms
OR
kaazingkaazing_gatewayMatch4.0.5jms
OR
kaazingkaazing_gatewayMatch4.0.6jms
OR
kaazingkaazing_gatewayMatch4.0.6hotfix2jms
OR
kaazingkaazing_gatewayMatch4.0.7jms
OR
kaazingkaazing_gatewayMatch4.4.2hotfix1jms
OR
kaazingkaazing_gatewayMatch4.5.3hotfix1jms
Node
tenefitkaazing_websocket_gatewayRange<5.6.0community
OR
tenefitkaazing_websocket_gatewayRange<5.6.0enterprise

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.2%

Related for CVE-2017-6910