CVE-2017-6910

Name of the Vulnerable Software and Affected Versions Kaazing Gateway versions prior to 4.5.3 hotfix-1 Kaazing Gateway - JMS Edition versions prior to 4.0.5 hotfix-15 Kaazing Gateway - JMS Edition version 4.0.6 prior to hotfix-4 Kaazing Gateway - JMS Edition version 4.0.7 Kaazing Gateway - JMS Edition versions 4.0.9 prior to hotfix-19 Kaazing Gateway versions 4.4.x prior to 4.4.2 hotfix-1 Kaazing Gateway versions 4.5.x prior to 4.5.3 hotfix-1 Kaazing Gateway Community and Enterprise Editions versions prior to 5.6.0

Description The issue allows remote attackers to bypass intended access restrictions and obtain sensitive information via vectors related to HTTP request handling. This is related to the HTTP and WebSocket engine components in the server.

Recommendations For Kaazing Gateway versions prior to 4.5.3 hotfix-1, update to version 4.5.3 hotfix-1 or later. For Kaazing Gateway - JMS Edition versions prior to 4.0.5 hotfix-15, update to version 4.0.5 hotfix-15 or later. For Kaazing Gateway - JMS Edition version 4.0.6, apply hotfix-4 or later. For Kaazing Gateway - JMS Edition version 4.0.7, update to a later version. For Kaazing Gateway - JMS Edition versions 4.0.9 prior to hotfix-19, apply hotfix-19 or later. For Kaazing Gateway versions 4.4.x prior to 4.4.2 hotfix-1, update to version 4.4.2 hotfix-1 or later. For Kaazing Gateway versions 4.5.x prior to 4.5.3 hotfix-1, update to version 4.5.3 hotfix-1 or later. For Kaazing Gateway Community and Enterprise Editions versions prior to 5.6.0, update to version 5.6.0 or later.