The HTTP and WebSocket engine components in the server in Kaazing Gateway 4.0.2, 4.0.3, and 4.0.4 and Gateway – JMS Edition 4.0.2, 4.0.3, and 4.0.4 allow remote attackers to obtain sensitive information via vectors related to HTTP request handling.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6309
Reference (s):
- https://support.kaazing.com/hc/en-us/articles/115004550547-Advisory-for-KGS-879