Man-in-the-Middle Vulnerability in IBM Sterling Secure Proxy
CVE-2016-6026

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Sterling Secure Proxy
Vendor: CVE Published:; 6 October 2016

Summary

The Configuration Manager in IBM Sterling Secure Proxy (SSP) versions 3.4.2 prior to iFix 8 and 3.4.3 prior to iFix 1 is vulnerable to man-in-the-middle attacks. This issue arises from the acceptance of HTTP methods that are neither GET nor POST, which allows unauthorized attackers to intercept sensitive data transmitted between users and the server. Organizations using affected versions should take immediate steps to mitigate this vulnerability by updating to the recommended patches.

References

http://www.securityfocus.com/bid/93342

vdb-entryx_refsource_BID

http://www-01.ibm.com/support/docview.wss?uid=swg21991278

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 6, 2016
Vulnerability Reserved
Jun 29, 2016