Information Disclosure Vulnerability in HL7 C-CDA by HL7
CVE-2014-3862

Currently unrated

Key Information:

Vendor: HL7

CVE Published: 2 September 2014

What is CVE-2014-3862?

The CDA.xsl stylesheet in HL7 C-CDA versions 1.1 and earlier allows remote attackers to supply crafted reference elements that cause the stylesheet to generate an IMG element whose SRC attribute contains an arbitrary URL. When the rendered document is displayed, the browser requests that URL, and the request can expose sensitive information through Referer logs on the receiving server. Attackers can exploit this flaw to learn URLs that should remain confidential, which poses a significant risk to data privacy.
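A pre-render check for the condition described above, as an added example (not code from HL7 or from this advisory): it lists `reference` values in a CDA document that would make a browser contact another host. It assumes the URL sits in the element's `value` attribute; the sample document, the function name and the `allowed_hosts` parameter are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample document (not taken from the advisory or a real record).
SAMPLE_CDA = """<ClinicalDocument xmlns="urn:hl7-org:v3"><component><section>
  <entry><observationMedia ID="img1"><value mediaType="image/png">
    <reference value="images/chest-xray.png"/></value></observationMedia></entry>
  <entry><observationMedia ID="img2"><value mediaType="image/png">
    <reference value="http://tracker.example/p.png"/></value></observationMedia></entry>
  <entry><observationMedia ID="img3"><value mediaType="image/png">
    <reference value="//cdn.example/logo.png"/></value></observationMedia></entry>
  <entry><observation><text><reference value="#note-1"/></text></observation></entry>
</section></component></ClinicalDocument>"""


def find_external_references(xml_text, allowed_hosts=frozenset()):
    """Return reference values that would make a browser contact another host."""
    # ElementTree does not fetch external entities; for untrusted input a
    # hardened parser such as defusedxml is the safer choice.
    root = ET.fromstring(xml_text)
    findings = []
    for elem in root.iter():
        # Match on the local name so the check works with or without a prefix.
        if elem.tag.rsplit("}", 1)[-1] != "reference":
            continue
        value = (elem.get("value") or "").strip()
        try:
            # Browsers treat "\" like "/", so "\\host\x" is scheme-relative.
            parts = urlsplit(value.replace("\\", "/"))
        except ValueError:
            findings.append(value)  # unparseable: report rather than trust
            continue
        if not parts.scheme and not parts.netloc:
            continue  # relative path or #fragment: resolves against the document itself
        if parts.hostname in allowed_hosts:
            continue  # explicitly trusted image host
        findings.append(value)
    return findings


if __name__ == "__main__":
    for url in find_external_references(SAMPLE_CDA):
        print("external reference:", url)
```

Running the check before a document reaches the stylesheet lets a viewer reject or quarantine it instead of rendering the image.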
