CVE-2014-3021Improper Input Validation in IBM Websphere Application Server

CWE-20Improper Input Validation3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.3%
top 47.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Application Server
Timeline
PublishedOct 19
Latest updateMay 17

Description

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP method.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-6qvf-pj5p-fr7r: IBM WebSphere Application Server (WAS) 72022-05-17
CVEList
CVE-2014-3021: IBM WebSphere Application Server (WAS) 72014-10-19
CVE-2014-3021 — Improper Input Validation in IBM | cvebase