Advisory for KGS-879

Original release date: September 29, 2014
Last revised: --
Source: Kaazing Corporation

Systems Affected

Kaazing Gateway 4.0.2, 4.0.3, and 4.0.4
Kaazing Gateway - JMS Edition 4.0.2, 4.0.3, and 4.0.4

The following components are affected:

* Kaazing Gateway server, HTTP and WebSocket engine

Description

The Kaazing Gateway and Kaazing Gateway - JMS Edition components listed above contain a critical vulnerability in the handling of HTTP requests which may result in information disclosure.

Kaazing has released updated versions of the affected software products which address these issues. Kaazing strongly recommends sites running the affected components install the applicable update as described below.

Impact

The impact of this vulnerability is information disclosure.

CVSS V2 Risk Assessment

CVSS Base Score: 7.5
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial
CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C/CDP:ND/TD:L/CR:ND/IR:ND/AR:ND

Solution

For each affected system, update to the corresponding software versions:

Kaazing Gateway 4.0.5 or higher
Kaazing Gateway - JMS Edition 4.0.5 or higher

References

https://support.kaazing.com/hc/en-us/articles/...
CVE: CVE-2014-6309