ID

VAR-201804-1048


CVE

CVE-2017-6910


TITLE

Information disclosure vulnerability in the WebSocket engine component of Kaazing Gateway

Trust: 0.8

sources: JVNDB: JVNDB-2017-013277

DESCRIPTION

The HTTP and WebSocket engine components in the server in Kaazing Gateway before 4.5.3 hotfix-1, Gateway - JMS Edition before 4.0.5 hotfix-15, 4.0.6 before hotfix-4, 4.0.7, 4.0.9 before hotfix-19, 4.4.x before 4.4.2 hotfix-1, 4.5.x before 4.5.3 hotfix-1, and Gateway Community and Enterprise Editions before 5.6.0 allow remote attackers to bypass intended access restrictions and obtain sensitive information via vectors related to HTTP request handling. The WebSocket engine component of Kaazing Gateway contains an information disclosure vulnerability. Information may be obtained. A remote attacker could exploit this vulnerability to bypass access restrictions and obtain sensitive information. The following versions are affected: Kaazing Gateway 4.5.3 prior to hotfix-1; Gateway (JMS Edition) 4.0.5 prior to hotfix-15, 4.0.6 prior to hotfix-4, 4.0.7, 4.0.9 prior to hotfix-19, 4.4.x prior to 4.4.2 hotfix-1, 4.5.x prior to 4.5.3 hotfix-1; Gateway (Community Edition and Enterprise Edition) prior to version 5.6.0.

Trust: 1.71

sources: NVD: CVE-2017-6910 // JVNDB: JVNDB-2017-013277 // VULHUB: VHN-115113

AFFECTED PRODUCTS

vendor: kaazing, model: gateway, scope: eq, version: 4.5.3

Trust: 1.6

vendor: kaazing, model: gateway, scope: eq, version: 4.0.6

Trust: 1.6

vendor: kaazing, model: gateway, scope: eq, version: 4.0.5

Trust: 1.6

vendor: kaazing, model: gateway, scope: eq, version: 4.4.2

Trust: 1.6

vendor: kaazing, model: gateway, scope: eq, version: 4.0.7

Trust: 1.6

vendor: kaazing, model: gateway, scope: lt, version: 4.4.2

Trust: 1.0

vendor: kaazing, model: gateway, scope: gte, version: 4.4.0

Trust: 1.0

vendor: kaazing, model: gateway, scope: lt, version: 4.5.3

Trust: 1.0

vendor: kaazing, model: gateway, scope: gte, version: 4.5.0

Trust: 1.0

vendor: tenefit, model: kaazing websocket gateway, scope: lt, version: 5.6.0

Trust: 1.0

vendor: kaazing, model: gateway, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-013277 // CNNVD: CNNVD-201703-550 // NVD: CVE-2017-6910

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-6910
value: HIGH

Trust: 1.0

NVD: CVE-2017-6910
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201703-550
value: HIGH

Trust: 0.6

VULHUB: VHN-115113
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-6910
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-115113
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-6910
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-115113 // JVNDB: JVNDB-2017-013277 // CNNVD: CNNVD-201703-550 // NVD: CVE-2017-6910

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-115113 // JVNDB: JVNDB-2017-013277 // NVD: CVE-2017-6910

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-550

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201703-550

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013277

PATCH

title: Advisory for kaazing/tickets#1019, url: https://support.kaazing.com/hc/en-us/articles/115004752368

Trust: 0.8

title: Kaazing Gateway Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147781

Trust: 0.6

sources: JVNDB: JVNDB-2017-013277 // CNNVD: CNNVD-201703-550

EXTERNAL IDS

db: NVD, id: CVE-2017-6910

Trust: 2.5

db: JVNDB, id: JVNDB-2017-013277

Trust: 0.8

db: CNNVD, id: CNNVD-201703-550

Trust: 0.7

db: VULHUB, id: VHN-115113

Trust: 0.1

sources: VULHUB: VHN-115113 // JVNDB: JVNDB-2017-013277 // CNNVD: CNNVD-201703-550 // NVD: CVE-2017-6910

REFERENCES

url:https://support.kaazing.com/hc/en-us/articles/115004752368

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6910

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6910

Trust: 0.8

sources: VULHUB: VHN-115113 // JVNDB: JVNDB-2017-013277 // CNNVD: CNNVD-201703-550 // NVD: CVE-2017-6910

SOURCES

db: VULHUB, id: VHN-115113
db: JVNDB, id: JVNDB-2017-013277
db: CNNVD, id: CNNVD-201703-550
db: NVD, id: CVE-2017-6910

LAST UPDATE DATE

2024-11-23T22:52:09.751000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-115113, date: 2018-05-22T00:00:00
db: JVNDB, id: JVNDB-2017-013277, date: 2018-06-18T00:00:00
db: CNNVD, id: CNNVD-201703-550, date: 2021-04-20T00:00:00
db: NVD, id: CVE-2017-6910, date: 2024-11-21T03:30:46.220

SOURCES RELEASE DATE

db: VULHUB, id: VHN-115113, date: 2018-04-12T00:00:00
db: JVNDB, id: JVNDB-2017-013277, date: 2018-06-18T00:00:00
db: CNNVD, id: CNNVD-201703-550, date: 2017-03-15T00:00:00
db: NVD, id: CVE-2017-6910, date: 2018-04-12T15:29:00.537