CVE-2014-3021

IBM WebSphere Application Server 7.0-7.0.0.35 8.0-8.0.0.10 8.5-8.5.5.4 - Information Disclosure via HTTP Header Handling

Title source: llm
STIX 2.1

Description

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP method.

References (3)

Core 3
Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PI08268
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21684612
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/93059

Scores

EPSS 0.0223
EPSS Percentile 80.7%

Details

CWE
CWE-20
Status published
Products (47)
ibm/websphere_application_server 7.0
ibm/websphere_application_server 7.0.0.1
ibm/websphere_application_server 7.0.0.2
ibm/websphere_application_server 7.0.0.3
ibm/websphere_application_server 7.0.0.4
ibm/websphere_application_server 7.0.0.5
ibm/websphere_application_server 7.0.0.6
ibm/websphere_application_server 7.0.0.7
ibm/websphere_application_server 7.0.0.8
ibm/websphere_application_server 7.0.0.9
... and 37 more
Published Oct 19, 2014
Tracked Since Feb 18, 2026