| |
Vulnerability CVE-2014-3021
Published: 2014-10-18 Modified: 2014-10-19
Description: |
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP method. |
Type:
CWE-20 (Improper Input Validation)
CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
5/10 |
2.9/10 |
10/10 |
Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
None |
None |
References: |
http://xforce.iss.net/xforce/xfdb/93059
http://www-01.ibm.com/support/docview.wss?uid=swg21684612
|
|
|
Copyright 2024, cxsecurity.com
|
|
|