Session Cookie Vulnerability in IBM License Key Server
CVE-2014-0909

Currently unrated

Key Information:

Vendor: IBM
CVE Published: 10 September 2014

Summary

The Administration and Reporting Tool in IBM Rational License Key Server prior to version 8.1.4.4 fails to set the secure flag on session cookies issued during HTTPS sessions. Without that flag, the browser also sends the cookie on unencrypted HTTP requests to the same host, so a remote attacker who can capture that HTTP traffic can potentially intercept the session cookie, compromising the security of sensitive user data.
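A defender can check for this condition by inspecting the Set-Cookie headers an HTTPS response returns. The following is an added example, not code from IBM or from this advisory; the cookie names and header values are constructed samples.

```python
"""Audit Set-Cookie headers from an HTTPS response for a missing Secure flag."""

# Constructed sample headers (not captured from the product); names are assumptions.
SAMPLE_HEADERS = [
    "SESSIONID=0000abcd; Path=/; HttpOnly",      # session cookie, no Secure
    "csrf=9f3e; Path=/; secure; HttpOnly",       # lower-case attribute still counts
    "theme=Secure; Path=/",                      # "Secure" is the value, not a flag
    "lang=en; Path=/; SECURE",                   # attribute names are case-insensitive
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs), following RFC 6265 5.2."""
    first, *rest = header.split(";")
    name, sep, value = first.partition("=")
    if not sep or not name.strip():
        raise ValueError(f"malformed Set-Cookie: {header!r}")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        if key.strip():
            # Attribute names are compared case-insensitively; flags have no value.
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def cookies_missing_secure(headers, scheme="https"):
    """Return names of cookies set on an HTTPS response without the Secure attribute."""
    if scheme != "https":
        return []  # the finding concerns cookies issued inside an HTTPS session
    missing = []
    for header in headers:
        name, _value, attrs = parse_set_cookie(header)
        if "secure" not in attrs:
            missing.append(name)
    return missing


if __name__ == "__main__":
    for name in cookies_missing_secure(SAMPLE_HEADERS):
        print(f"cookie {name!r} lacks Secure: the browser will also send it over http://")
```

Only the attribute list after the first `;` is checked, so a cookie whose value happens to be the string "Secure" is still reported.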

Timeline

  • Vulnerability published

  • Vulnerability Reserved
