ID

VAR-201804-0257


CVE

CVE-2014-6309


TITLE

Kaazing Gateway vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2014-008607

DESCRIPTION

The HTTP and WebSocket engine components in the server in Kaazing Gateway 4.0.2, 4.0.3, and 4.0.4 and Gateway - JMS Edition 4.0.2, 4.0.3, and 4.0.4 allow remote attackers to obtain sensitive information via vectors related to HTTP request handling. Kaazing Gateway contains an information disclosure vulnerability. Information may be obtained. Kaazing Gateway is a cross-platform, cross-browser gateway product written in the Java language. The HTTP component is one of its HTTP server components, and the WebSocket engine component is one of its WebSocket engine components. A remote attacker could exploit this vulnerability to obtain sensitive information. The following versions are affected: Kaazing Gateway versions 4.0.2, 4.0.3, and 4.0.4; Gateway (JMS Version) versions 4.0.2, 4.0.3, and 4.0.4.

Trust: 1.71

sources: NVD: CVE-2014-6309 // JVNDB: JVNDB-2014-008607 // VULHUB: VHN-74253

AFFECTED PRODUCTS

vendor: kaazing // model: gateway // scope: eq // version: 4.0.2

Trust: 1.4

vendor: kaazing // model: gateway // scope: eq // version: 4.0.3

Trust: 1.4

vendor: kaazing // model: gateway // scope: eq // version: 4.0.4

Trust: 1.4

vendor: tenefit // model: kaazing websocket gateway // scope: eq // version: 4.0.3

Trust: 1.0

vendor: tenefit // model: kaazing websocket gateway // scope: eq // version: 4.0.2

Trust: 1.0

vendor: tenefit // model: kaazing websocket gateway // scope: eq // version: 4.0.4

Trust: 1.0

vendor: kaazing // model: gateway // scope: eq // version: jms edition 4.0.2

Trust: 0.8

vendor: kaazing // model: gateway // scope: eq // version: jms edition 4.0.3

Trust: 0.8

vendor: kaazing // model: gateway // scope: eq // version: jms edition 4.0.4

Trust: 0.8

sources: JVNDB: JVNDB-2014-008607 // CNNVD: CNNVD-201804-617 // NVD: CVE-2014-6309

CVSS

SEVERITY

nvd@nist.gov: CVE-2014-6309
value: HIGH

Trust: 1.0

NVD: CVE-2014-6309
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201804-617
value: HIGH

Trust: 0.6

VULHUB: VHN-74253
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2014-6309
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-74253
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2014-6309
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2014-6309
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-74253 // JVNDB: JVNDB-2014-008607 // CNNVD: CNNVD-201804-617 // NVD: CVE-2014-6309

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-74253 // JVNDB: JVNDB-2014-008607 // NVD: CVE-2014-6309

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-617

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201804-617

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008607

PATCH

title: Advisory for KGS-879 // url: https://support.kaazing.com/hc/en-us/articles/115004550547-Advisory-for-KGS-879

Trust: 0.8

title: Kaazing Gateway HTTP and WebSocket Fixes for engine component information disclosure vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83358

Trust: 0.6

sources: JVNDB: JVNDB-2014-008607 // CNNVD: CNNVD-201804-617

EXTERNAL IDS

db: NVD // id: CVE-2014-6309

Trust: 2.5

db: JVNDB // id: JVNDB-2014-008607

Trust: 0.8

db: CNNVD // id: CNNVD-201804-617

Trust: 0.6

db: VULHUB // id: VHN-74253

Trust: 0.1

sources: VULHUB: VHN-74253 // JVNDB: JVNDB-2014-008607 // CNNVD: CNNVD-201804-617 // NVD: CVE-2014-6309

REFERENCES

url: https://support.kaazing.com/hc/en-us/articles/115004550547-advisory-for-kgs-879

Trust: 1.7

url: https://support.tenefit.com/hc/en-us/articles/115004550547-advisory-for-kgs-879

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6309

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2014-6309

Trust: 0.8

sources: VULHUB: VHN-74253 // JVNDB: JVNDB-2014-008607 // CNNVD: CNNVD-201804-617 // NVD: CVE-2014-6309

SOURCES

db: VULHUB // id: VHN-74253
db: JVNDB // id: JVNDB-2014-008607
db: CNNVD // id: CNNVD-201804-617
db: NVD // id: CVE-2014-6309

LAST UPDATE DATE

2024-11-23T22:26:25.614000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-74253 // date: 2018-05-22T00:00:00
db: JVNDB // id: JVNDB-2014-008607 // date: 2018-06-18T00:00:00
db: CNNVD // id: CNNVD-201804-617 // date: 2021-04-22T00:00:00
db: NVD // id: CVE-2014-6309 // date: 2024-11-21T02:14:08.813

SOURCES RELEASE DATE

db: VULHUB // id: VHN-74253 // date: 2018-04-12T00:00:00
db: JVNDB // id: JVNDB-2014-008607 // date: 2018-06-18T00:00:00
db: CNNVD // id: CNNVD-201804-617 // date: 2018-04-12T00:00:00
db: NVD // id: CVE-2014-6309 // date: 2018-04-12T15:29:00.210