CVE-2014-3021
IBM WebSphere Application Server 7.0-7.0.0.35 8.0-8.0.0.10 8.5-8.5.5.4 - Information Disclosure via HTTP Header Handling
Title source: llmDescription
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP method.
References (3)
Core 3
Core References
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PI08268
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21684612
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/93059
Scores
EPSS
0.0223
EPSS Percentile
80.7%
Details
CWE
CWE-20
Status
published
Products (47)
ibm/websphere_application_server
7.0
ibm/websphere_application_server
7.0.0.1
ibm/websphere_application_server
7.0.0.2
ibm/websphere_application_server
7.0.0.3
ibm/websphere_application_server
7.0.0.4
ibm/websphere_application_server
7.0.0.5
ibm/websphere_application_server
7.0.0.6
ibm/websphere_application_server
7.0.0.7
ibm/websphere_application_server
7.0.0.8
ibm/websphere_application_server
7.0.0.9
... and 37 more
Published
Oct 19, 2014
Tracked Since
Feb 18, 2026