Vulnerability Bulletins

IBM Security Bulletin: Authentication session cookie in IBM Workflow for Bluemix was missing Secure flag (CVE-2015-0102)


System information

   
Affected software: IBM

Description

IBM Workflow for Bluemix tracks the authentication state of users with a session cookie. The Secure flag was not set for this cookie, so browsers could transmit the cookie value over unencrypted plain HTTP connections. An attacker eavesdropping at the connection level who tricks the user into sending a request to IBM Workflow for Bluemix over unencrypted HTTP could capture the cookie and impersonate the user.

CVE(s): CVE-2015-0102

Affected product(s) and affected version(s): This vulnerability

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_authentication_session_cookie_in_ibm_workflow_for_bluemix_was_missing_secure_flag_cve_2015_0102?lang=en_us

Standard identifiers

Property Value
CVE CVE-2015-0102, CVE-2015-0138, CVE-2015-0410, CVE-2015-0400 and CVE-2014-6593.

Version history

Version Comment Date
1.0 Advisory issued 2015-04-19
Ministerio de Defensa
CNI
CCN
CCN-CERT