WebSphere Service Registry and Repository Cookie Security Flaw
CVE-2014-6153

Currently unrated

Key Information:

Vendor: IBM
CVE Published: 24 December 2014

Summary

The Web UI of IBM WebSphere Service Registry and Repository (WSRR) does not set the Secure flag on cookies issued during HTTPS sessions. Without that flag, the browser will also send those cookies over unencrypted HTTP, so a remote attacker who can intercept an HTTP transmission may capture sensitive cookie information, which increases the risk of session hijacking. The issue affects specific versions of WSRR; users of those versions need to apply mitigations and updates promptly to protect their data.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
