CVE-2017-6910 (GCVE-0-2017-6910)
Vulnerability from cvelistv5 – Published: 2018-04-12 15:00 – Updated: 2024-08-05 15:41
VLAI
EPSS
VEX
Summary
The HTTP and WebSocket engine components in the server in Kaazing Gateway before 4.5.3 hotfix-1, Gateway - JMS Edition before 4.0.5 hotfix-15, 4.0.6 before hotfix-4, 4.0.7, 4.0.9 before hotfix-19, 4.4.x before 4.4.2 hotfix-1, 4.5.x before 4.5.3 hotfix-1, and Gateway Community and Enterprise Editions before 5.6.0 allow remote attackers to bypass intended access restrictions and obtain sensitive information via vectors related to HTTP request handling.
Severity
7.5 (High)
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.kaazing.com/hc/en-us/articles/115… | x_refsource_CONFIRM |
Date Public
2017-04-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:41:17.770Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kaazing.com/hc/en-us/articles/115004752368"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The HTTP and WebSocket engine components in the server in Kaazing Gateway before 4.5.3 hotfix-1, Gateway - JMS Edition before 4.0.5 hotfix-15, 4.0.6 before hotfix-4, 4.0.7, 4.0.9 before hotfix-19, 4.4.x before 4.4.2 hotfix-1, 4.5.x before 4.5.3 hotfix-1, and Gateway Community and Enterprise Editions before 5.6.0 allow remote attackers to bypass intended access restrictions and obtain sensitive information via vectors related to HTTP request handling."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-12T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kaazing.com/hc/en-us/articles/115004752368"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP and WebSocket engine components in the server in Kaazing Gateway before 4.5.3 hotfix-1, Gateway - JMS Edition before 4.0.5 hotfix-15, 4.0.6 before hotfix-4, 4.0.7, 4.0.9 before hotfix-19, 4.4.x before 4.4.2 hotfix-1, 4.5.x before 4.5.3 hotfix-1, and Gateway Community and Enterprise Editions before 5.6.0 allow remote attackers to bypass intended access restrictions and obtain sensitive information via vectors related to HTTP request handling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaazing.com/hc/en-us/articles/115004752368",
"refsource": "CONFIRM",
"url": "https://support.kaazing.com/hc/en-us/articles/115004752368"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6910",
"datePublished": "2018-04-12T15:00:00.000Z",
"dateReserved": "2017-03-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:41:17.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2017-6910",
"date": "2026-07-17",
"epss": "0.01966",
"percentile": "0.78129"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:kaazing:kaazing_gateway:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.5.3\", \"matchCriteriaId\": \"DC457927-FBA7-40B4-A8F3-43D77E050A2C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:kaazing:kaazing_gateway:4.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"605F8BA7-68CF-42B0-85A9-21AADA2DBBC4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:kaazing:kaazing_gateway:4.5.3:hotfix1:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6CE7386-A6A7-4083-ABCC-308BDCBB72EB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:kaazing:kaazing_gateway:*:hotfix1:*:*:jms:*:*:*\", \"versionStartIncluding\": \"4.4.0\", \"versionEndExcluding\": \"4.4.2\", \"matchCriteriaId\": \"07C4DEAC-6739-4195-BB6A-F61549C05608\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:kaazing:kaazing_gateway:*:*:*:*:jms:*:*:*\", \"versionStartIncluding\": \"4.5.0\", \"versionEndExcluding\": \"4.5.3\", \"matchCriteriaId\": \"664A2CB3-B739-40FE-9E39-2304886E562F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:kaazing:kaazing_gateway:4.0.5:*:*:*:jms:*:*:*\", \"matchCriteriaId\": \"205D9C60-D31B-4F7D-8C18-B249A8A17164\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:kaazing:kaazing_gateway:4.0.6:*:*:*:jms:*:*:*\", \"matchCriteriaId\": \"73B41C3E-184E-4D8B-A51D-A2FA2B813FE6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:kaazing:kaazing_gateway:4.0.6:hotfix2:*:*:jms:*:*:*\", \"matchCriteriaId\": \"8C21A5D5-D0CD-4C0A-B4B1-B347334854A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:kaazing:kaazing_gateway:4.0.7:*:*:*:jms:*:*:*\", \"matchCriteriaId\": \"41F28304-6392-4FA2-AC2D-E29BD96EB414\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:kaazing:kaazing_gateway:4.4.2:hotfix1:*:*:jms:*:*:*\", \"matchCriteriaId\": \"58CA61F8-6B9E-4A4E-88C5-D438BE71EB2A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:kaazing:kaazing_gateway:4.5.3:hotfix1:*:*:jms:*:*:*\", \"matchCriteriaId\": \"CEA5CD95-09A5-4B76-A070-765430822B05\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tenefit:kaazing_websocket_gateway:*:*:*:*:community:*:*:*\", \"versionEndExcluding\": \"5.6.0\", \"matchCriteriaId\": \"4285FC8E-DC4C-4C33-99EB-D00753AE6A15\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tenefit:kaazing_websocket_gateway:*:*:*:*:enterprise:*:*:*\", \"versionEndExcluding\": \"5.6.0\", \"matchCriteriaId\": \"195047EF-F9E8-4502-B773-5A6476A55345\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The HTTP and WebSocket engine components in the server in Kaazing Gateway before 4.5.3 hotfix-1, Gateway - JMS Edition before 4.0.5 hotfix-15, 4.0.6 before hotfix-4, 4.0.7, 4.0.9 before hotfix-19, 4.4.x before 4.4.2 hotfix-1, 4.5.x before 4.5.3 hotfix-1, and Gateway Community and Enterprise Editions before 5.6.0 allow remote attackers to bypass intended access restrictions and obtain sensitive information via vectors related to HTTP request handling.\"}, {\"lang\": \"es\", \"value\": \"Los componentes del motor HTTP y WebSocket en el servidor en Kaazing Gateway, en versiones anteriores a la 4.5.3 hotfix-1; Gateway - JMS Edition, en versiones anteriores a la 4.0.5 hotfix-15, 4.0.6 anteriores al hotfix-4, 4.0.7, 4.0.9 anteriores al hotfix-19, 4.4.x anteriores a la 4.4.2 hotfix-1, 4.5.x anteriores a la 4.5.3 hotfix-1; y las ediciones Community y Enterprise de Gateway anteriores a la versi\\u00f3n 5.6.0 permiten que atacantes remotos omitan las restricciones de acceso planeadas y obtengan informaci\\u00f3n sensible mediante vectores relacionados con la gesti\\u00f3n de peticiones HTTP.\"}]",
"id": "CVE-2017-6910",
"lastModified": "2024-11-21T03:30:46.220",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2018-04-12T15:29:00.537",
"references": "[{\"url\": \"https://support.kaazing.com/hc/en-us/articles/115004752368\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://support.kaazing.com/hc/en-us/articles/115004752368\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-6910\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-04-12T15:29:00.537\",\"lastModified\":\"2024-11-21T03:30:46.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The HTTP and WebSocket engine components in the server in Kaazing Gateway before 4.5.3 hotfix-1, Gateway - JMS Edition before 4.0.5 hotfix-15, 4.0.6 before hotfix-4, 4.0.7, 4.0.9 before hotfix-19, 4.4.x before 4.4.2 hotfix-1, 4.5.x before 4.5.3 hotfix-1, and Gateway Community and Enterprise Editions before 5.6.0 allow remote attackers to bypass intended access restrictions and obtain sensitive information via vectors related to HTTP request handling.\"},{\"lang\":\"es\",\"value\":\"Los componentes del motor HTTP y WebSocket en el servidor en Kaazing Gateway, en versiones anteriores a la 4.5.3 hotfix-1; Gateway - JMS Edition, en versiones anteriores a la 4.0.5 hotfix-15, 4.0.6 anteriores al hotfix-4, 4.0.7, 4.0.9 anteriores al hotfix-19, 4.4.x anteriores a la 4.4.2 hotfix-1, 4.5.x anteriores a la 4.5.3 hotfix-1; y las ediciones Community y Enterprise de Gateway anteriores a la versi\u00f3n 5.6.0 permiten que atacantes remotos omitan las restricciones de acceso planeadas y obtengan informaci\u00f3n sensible mediante vectores relacionados con la gesti\u00f3n de peticiones HTTP.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kaazing:kaazing_gateway:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.5.3\",\"matchCriteriaId\":\"DC457927-FBA7-40B4-A8F3-43D77E050A2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kaazing:kaazing_gateway:4.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"605F8BA7-68CF-42B0-85A9-21AADA2DBBC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kaazing:kaazing_gateway:4.5.3:hotfix1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6CE7386-A6A7-4083-ABCC-308BDCBB72EB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kaazing:kaazing_gateway:*:hotfix1:*:*:jms:*:*:*\",\"versionStartIncluding\":\"4.4.0\",\"versionEndExcluding\":\"4.4.2\",\"matchCriteriaId\":\"07C4DEAC-6739-4195-BB6A-F61549C05608\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kaazing:kaazing_gateway:*:*:*:*:jms:*:*:*\",\"versionStartIncluding\":\"4.5.0\",\"versionEndExcluding\":\"4.5.3\",\"matchCriteriaId\":\"664A2CB3-B739-40FE-9E39-2304886E562F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kaazing:kaazing_gateway:4.0.5:*:*:*:jms:*:*:*\",\"matchCriteriaId\":\"205D9C60-D31B-4F7D-8C18-B249A8A17164\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kaazing:kaazing_gateway:4.0.6:*:*:*:jms:*:*:*\",\"matchCriteriaId\":\"73B41C3E-184E-4D8B-A51D-A2FA2B813FE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kaazing:kaazing_gateway:4.0.6:hotfix2:*:*:jms:*:*:*\",\"matchCriteriaId\":\"8C21A5D5-D0CD-4C0A-B4B1-B347334854A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kaazing:kaazing_gateway:4.0.7:*:*:*:jms:*:*:*\",\"matchCriteriaId\":\"41F28304-6392-4FA2-AC2D-E29BD96EB414\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kaazing:kaazing_gateway:4.4.2:hotfix1:*:*:jms:*:*:*\",\"matchCriteriaId\":\"58CA61F8-6B9E-4A4E-88C5-D438BE71EB2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kaazing:kaazing_gateway:4.5.3:hotfix1:*:*:jms:*:*:*\",\"matchCriteriaId\":\"CEA5CD95-09A5-4B76-A070-765430822B05\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenefit:kaazing_websocket_gateway:*:*:*:*:community:*:*:*\",\"versionEndExcluding\":\"5.6.0\",\"matchCriteriaId\":\"4285FC8E-DC4C-4C33-99EB-D00753AE6A15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenefit:kaazing_websocket_gateway:*:*:*:*:enterprise:*:*:*\",\"versionEndExcluding\":\"5.6.0\",\"matchCriteriaId\":\"195047EF-F9E8-4502-B773-5A6476A55345\"}]}]}],\"references\":[{\"url\":\"https://support.kaazing.com/hc/en-us/articles/115004752368\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://support.kaazing.com/hc/en-us/articles/115004752368\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…