CVE-2014-3862

NONE EPSS 67.1%
Published Sep 2, 2014 · Last Modified Jun 17, 2026

Description

CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log.

Threat Intelligence

EPSS Exploit Probability
67.1% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor (Information Exposure)

Affected Products 1

Vendor   Product   Version   Range
hl7      c-cda     *         ≤1.1

References 3

  • gforge.hl7.org http://gforge.hl7.org/gf/project/strucdoc/frs/?action=FrsReleaseView&release_id=1088
    Patch
  • motorcycleguy.blogspot.com http://motorcycleguy.blogspot.com/2014/04/hl7-cda-stylesheet-patches.html
    Patch
  • smartplatforms.org http://smartplatforms.org/2014/04/security-vulnerabilities-in-ccda-display/
    Exploit

Remediation

  • gforge.hl7.org http://gforge.hl7.org/gf/project/strucdoc/frs/?action=FrsReleaseView&release_id=1088
    Patch
  • motorcycleguy.blogspot.com http://motorcycleguy.blogspot.com/2014/04/hl7-cda-stylesheet-patches.html
    Patch