CVE-2014-6153

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Service Registry And Repository
Vendor: CVE Published:; 24 December 2014

Summary

The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

References

http://www.ibm.com/support/docview.wss?uid=swg21693389

x_refsource_CONFIRM

http://www.ibm.com/support/docview.wss?uid=swg21693384

x_refsource_CONFIRM

http://www.ibm.com/support/docview.wss?uid=swg21693379

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 24, 2014
Vulnerability Reserved
Sep 2, 2014