CVE-2015-5183 Information
Feb 14, 2021
cve
Description
The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes on cookies.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Reference
http://www.securitytracker.com/id/1041750 https://access.redhat.com/errata/RHSA-2018:2840 https://bugzilla.redhat.com/show_bug.cgi?id=1249182 https://lists.apache.org/thread.html/9e3391878c6840b294155f7ba6ccb47586e317f85c1bbd15c4608bd0@3Cdev.activemq.apache.org3E https://lists.apache.org/thread.html/r51c60b28154fe7b634e5f5b7a7fc7f6f060487b39a7b5e95e2c32047@3Cdev.activemq.apache.org3E https://lists.apache.org/thread.html/r63480b481eb5922465da102d97d0906d8823687f99ef3255ebc32be8@3Cdev.activemq.apache.org3E
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
LOW
Base Severity
6.3
Share on: