Tenefit Support

Follow

Advisory for KGS-879

Advisory for KGS-879

    Original release date: September 29, 2014
    Last revised: --
    Source: Kaazing Corporation


Systems Affected

    Kaazing Gateway 4.0.2, 4.0.3, and 4.0.4
    Kaazing Gateway - JMS Edition 4.0.2, 4.0.3, and 4.0.4


    The following components are affected:

      * Kaazing Gateway server, HTTP and WebSocket engine


Description

    The Kaazing Gateway and Kaazing Gateway - JMS Edition components
    listed above contain a critical vulnerability in the handling of
    HTTP requests which may result in information disclosure.

    Kaazing has released updated versions of the affected software products
    which address these issues.  Kaazing strongly recommends sites running the
    affected components install the applicable update as described below.


Impact

    The impact of this vulnerability is information disclosure.


CVSS V2 Risk Assessment

    CVSS Base Score:        7.5
    Access Vector:          Network
    Access Complexity:      Low
    Authentication:         None
    Confidentiality Impact: Partial
    Integrity Impact:       Partial
    Availability Impact:    Partial

    CVSS v2 Vector:
    AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C/CDP:ND/TD:L/CR:ND/IR:ND/AR:ND


Solution

    For each affected system, update to the corresponding software versions:

    Kaazing Gateway 4.0.5 or higher
    Kaazing Gateway - JMS Edition 4.0.5 or higher


References

    https://support.kaazing.com/hc/en-us/articles/...
    CVE: CVE-2014-6309

Comments