Session Cookie Vulnerability in IBM WebSphere eXtreme Scale Products
CVE-2015-2025
Currently unrated
Summary
The WebSphere eXtreme Scale versions 7.1.0 (prior to 7.1.0.3) and 7.1.1 (prior to 7.1.1.1) fail to secure session cookies by not setting the 'secure' flag for HTTPS sessions. This oversight allows attackers to potentially intercept session cookies during transmission over unsecured HTTP connections, increasing the risk of unauthorized access and data compromise.
References
Timeline
Vulnerability published
Vulnerability Reserved