A security vulnerability related to content handler URLs makes it possible to check if a system exists (for example, behind a firewall). A different error code is returned for
a) systems that exist but are not accessible via the proxy functionality versus
b) systems that do not exist.
WebSphere Service Registry and Repository versions 7, 7.5, 8.0, 8.5
Fixes are available for each version of WebSphere Service Registry and Repository. For versions 7.0, 7.5 and 8.0 the fixes are available from Business Space, while 8.5 requires a WSRR fix.
8.5: The fix will be included in the next WSRR 8.5 fix pack. Contact WSRR support if you wish to receive an earlier iFix.
**CVE ID:**CVE-2014-4746
CVSS
CVSS Base Score: 5.0
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94348> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)