CVE-2017-6910

moderate-risk
Published 2018-04-12

The HTTP and WebSocket engine components in the server in Kaazing Gateway before 4.5.3 hotfix-1, Gateway - JMS Edition before 4.0.5 hotfix-15, 4.0.6 before hotfix-4, 4.0.7, 4.0.9 before hotfix-19, 4.4.x before 4.4.2 hotfix-1, 4.5.x before 4.5.3 hotfix-1, and Gateway Community and Enterprise Editions before 5.6.0 allow remote attackers to bypass intended access restrictions and obtain sensitive information via vectors related to HTTP request handling.

Do I need to act?

-
0.21% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (13)

Kaazing Gateway
Kaazing Gateway
Kaazing Gateway
Kaazing Gateway
Kaazing Gateway
Kaazing Gateway
Kaazing Gateway
Kaazing Gateway
Kaazing Gateway
Kaazing Gateway
Kaazing Gateway
Kaazing Websocket Gateway
Kaazing Websocket Gateway

Affected Vendors

Tenefit Kaazing

References (2)

Mitigation https://support.kaazing.com/hc/en-us/articles/115004752368
Mitigation https://support.kaazing.com/hc/en-us/articles/115004752368
44
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 17/34 · Moderate