CVE-2014-6153 Information
Description
The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5 7.0.x through 7.0.0.5 7.5.x through 7.5.0.4 8.0.x before 8.0.0.3 and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Reference
http://www.ibm.com/support/docview.wss?uid=swg21693379 http://www.ibm.com/support/docview.wss?uid=swg21693381 http://www.ibm.com/support/docview.wss?uid=swg21693384 http://www.ibm.com/support/docview.wss?uid=swg21693387 http://www.ibm.com/support/docview.wss?uid=swg21693389 http://www-01.ibm.com/support/docview.wss?uid=swg1IV64010 https://exchange.xforce.ibmcloud.com/vulnerabilities/97622
Share on: