HTTP and WebSocket Engine Components Vulnerability

HTTP and WebSocket Engine Components Vulnerability

CVE-2017-6910 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The HTTP and WebSocket engine components in the server in Kaazing Gateway before 4.5.3 hotfix-1, Gateway - JMS Edition before 4.0.5 hotfix-15, 4.0.6 before hotfix-4, 4.0.7, 4.0.9 before hotfix-19, 4.4.x before 4.4.2 hotfix-1, 4.5.x before 4.5.3 hotfix-1, and Gateway Community and Enterprise Editions before 5.6.0 allow remote attackers to bypass intended access restrictions and obtain sensitive information via vectors related to HTTP request handling.

Learn more about our Web App Pen Testing.