Vulnerability Description
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP method.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Websphere Application Server | 7.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI08268
- http://www-01.ibm.com/support/docview.wss?uid=swg21684612Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93059
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI08268
- http://www-01.ibm.com/support/docview.wss?uid=swg21684612Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93059
FAQ
What is CVE-2014-3021?
CVE-2014-3021 is a vulnerability with a CVSS score of 5.0 (MEDIUM). IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie ...
How severe is CVE-2014-3021?
CVE-2014-3021 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3021?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Websphere Application Server.