CVE-2017-6910

The HTTP and WebSocket engine components in the server in Kaazing Gateway before 4.5.3 hotfix-1, Gateway - JMS Edition before 4.0.5 hotfix-15, 4.0.6 before hotfix-4, 4.0.7, 4.0.9 before hotfix-19, 4.4.x before 4.4.2 hotfix-1, 4.5.x before 4.5.3 hotfix-1, and Gateway Community and Enterprise Editions before 5.6.0 allow remote attackers to bypass intended access restrictions and obtain sensitive information via vectors related to HTTP request handling.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
kaazingkaazing_gateway
𝑥
< 4.5.3
kaazingkaazing_gateway
4.5.3
kaazingkaazing_gateway
4.5.3:hotfix1
kaazingkaazing_gateway
4.4.0 ≤
𝑥
< 4.4.2
kaazingkaazing_gateway
4.5.0 ≤
𝑥
< 4.5.3
kaazingkaazing_gateway
4.0.5
kaazingkaazing_gateway
4.0.6
kaazingkaazing_gateway
4.0.6:hotfix2
kaazingkaazing_gateway
4.0.7
kaazingkaazing_gateway
4.4.2:hotfix1
kaazingkaazing_gateway
4.5.3:hotfix1
tenefitkaazing_websocket_gateway
𝑥
< 5.6.0
tenefitkaazing_websocket_gateway
𝑥
< 5.6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.kaazing.com/hc/en-us/articles/115004752368
https://support.kaazing.com/hc/en-us/articles/115004752368