Session Cookie Vulnerability in IBM WebSphere eXtreme Scale Products
CVE-2015-2025

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Extreme Scale
Vendor: CVE Published:; 4 October 2015

Summary

The WebSphere eXtreme Scale versions 7.1.0 (prior to 7.1.0.3) and 7.1.1 (prior to 7.1.1.1) fail to secure session cookies by not setting the 'secure' flag for HTTPS sessions. This oversight allows attackers to potentially intercept session cookies during transmission over unsecured HTTP connections, increasing the risk of unauthorized access and data compromise.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21966044

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1PI44105

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg1PI44098

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Oct 4, 2015
Vulnerability Reserved
Feb 19, 2015