Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-6153

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-6153
Last Modified 24 Dec 2014 01:51:08
Published 24 Dec 2014 06:59:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-6153

Summary

The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Vulnerable Systems

Application

  • Ibm Websphere Service Registry And Repository 6.3.0

  • Ibm Websphere Service Registry And Repository 6.3.0.1

  • Ibm Websphere Service Registry And Repository 6.3.0.2

  • Ibm Websphere Service Registry And Repository 6.3.0.3

  • Ibm Websphere Service Registry And Repository 6.3.0.4

  • Ibm Websphere Service Registry And Repository 6.3.0.5

  • Ibm Websphere Service Registry And Repository 7.0.0

  • Ibm Websphere Service Registry And Repository 7.0.0.1

  • Ibm Websphere Service Registry And Repository 7.0.0.2

  • Ibm Websphere Service Registry And Repository 7.0.0.3

  • Ibm Websphere Service Registry And Repository 7.0.0.4

  • Ibm Websphere Service Registry And Repository 7.0.0.5

  • Ibm Websphere Service Registry And Repository 7.5.0.0

  • Ibm Websphere Service Registry And Repository 7.5.0.1

  • Ibm Websphere Service Registry And Repository 7.5.0.2

  • Ibm Websphere Service Registry And Repository 7.5.0.3

  • Ibm Websphere Service Registry And Repository 7.5.0.4

  • Ibm Websphere Service Registry And Repository 8.0

  • Ibm Websphere Service Registry And Repository 8.0.0.1

  • Ibm Websphere Service Registry And Repository 8.0.0.2

  • Ibm Websphere Service Registry And Repository 8.5


References

XF - ibm-wsrr-cve20146153-cookie(97622)

CONFIRM - http://www.ibm.com/support/docview.wss?uid=swg21693389

CONFIRM - http://www.ibm.com/support/docview.wss?uid=swg21693387

CONFIRM - http://www.ibm.com/support/docview.wss?uid=swg21693384

CONFIRM - http://www.ibm.com/support/docview.wss?uid=swg21693381

CONFIRM - http://www.ibm.com/support/docview.wss?uid=swg21693379

AIXAPAR - IV64010


Last Updated: 27 May 2016 11:07:21