lukehutch Gribbit HttpRequestHandler.java messageReceived missing origin validation in websockets
A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected is the function messageReceived
of the file src/gribbit/request/HttpRequestHandler.java. The manipulation leads to missing origin validation in websockets. Using CWE to declare the problem leads to CWE-1385. The weakness was released 01/09/2023 as 620418df247aebda3dd4be1dda10fe229ea505dd. The advisory is shared for download at github.com.
This vulnerability is traded as CVE-2014-125071. The attack can only be initiated within the local network. Technical details are available. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k at the moment.
It is declared as not defined. As 0-day the estimated underground price was around $0-$5k.
The name of the patch is 620418df247aebda3dd4be1dda10fe229ea505dd. The bugfix is ready for download at github.com. It is recommended to apply a patch to fix this issue. A possible mitigation has been published even before and not after the disclosure of the vulnerability.