CVE-2014-3862

Published: Sep 2, 2014Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log.

Affected (1)

Products: Hl7: C Cda

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hl7 C Cda	Up to 1.1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://gforge.hl7.org/gf/project/strucdoc/frs/?action=FrsReleaseView&release_id=1088

Source: cve@mitre.org

Patch

http://motorcycleguy.blogspot.com/2014/04/hl7-cda-stylesheet-patches.html

Source: cve@mitre.org

Patch

http://smartplatforms.org/2014/04/security-vulnerabilities-in-ccda-display/

Source: cve@mitre.org

Exploit

http://gforge.hl7.org/gf/project/strucdoc/frs/?action=FrsReleaseView&release_id=1088

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://motorcycleguy.blogspot.com/2014/04/hl7-cda-stylesheet-patches.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://smartplatforms.org/2014/04/security-vulnerabilities-in-ccda-display/

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.