Information Disclosure Vulnerability in HL7 C-CDA by HL7
CVE-2014-3862

Currently unrated

Key Information:

Vendor

Hl7

Status
C-cda
Vendor
CVE Published:
2 September 2014

What is CVE-2014-3862?

The CDA.xsl file in HL7 C-CDA versions 1.1 and earlier is susceptible to a vulnerability that enables remote attackers to leverage crafted reference elements. This manipulation results in the generation of an IMG element whose SRC attribute may contain arbitrary URLs, potentially leading to the exposure of sensitive information through Referer logs. Attackers can exploit this flaw to gain insight into URLs that should remain confidential, thereby posing a significant risk to data privacy.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://motorcycleguy.blogspot.com/2014/04/hl7-cda-stylesh...
x_refsource_CONFIRM
http://gforge.hl7.org/gf/project/strucdoc/frs/?action=Frs...
x_refsource_CONFIRM
http://smartplatforms.org/2014/04/security-vulnerabilitie...
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.