PT-2013-2406 · IBM · IBM Sterling Connect:Direct

Published: 2013-06-21 · Updated: 2017-08-29 · CVE-2013-0529

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Sterling Connect:Direct versions 1.4 through 1.4.0.10
IBM Sterling Connect:Direct versions 1.5 through 1.5.0.1

Description

The issue concerns the Browser component in IBM Sterling Connect:Direct, where it fails to set the secure flag for the session cookie during an https session. This oversight makes it easier for remote attackers to capture the cookie by intercepting its transmission within an http session.

Recommendations

For IBM Sterling Connect:Direct versions 1.4 through 1.4.0.10, update to version 1.4.0.11 or later. For IBM Sterling Connect:Direct versions 1.5 through 1.5.0.1, update to a version later than 1.5.0.1.
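
To confirm whether a deployment still shows the behaviour in the description, the Set-Cookie headers of an https response can be audited for the secure flag. The following is an added example, not code from IBM or from this advisory; the response headers and the cookie names (JSESSIONID, prefs, csrf) are constructed for illustration.

```python
"""Audit Set-Cookie headers from an https response for a missing Secure attribute."""

# Constructed sample: response headers as they might be captured from an https
# login response. Cookie names and values are invented for this example.
SAMPLE_HTTPS_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=A1B2C3; Path=/secure; HttpOnly\r\n"
    "set-cookie: prefs=secure; Path=/\r\n"
    "Set-Cookie: csrf=9f8e7d; Path=/; SECURE; HttpOnly\r\n"
    "\r\n"
)

def set_cookie_values(raw_response):
    """Return the value of every Set-Cookie header (header names are case-insensitive)."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "set-cookie":
            values.append(value.strip())
    return values

def parse_cookie(header_value):
    """Split one Set-Cookie value into (cookie name, {attribute name: value})."""
    pair, *attr_parts = header_value.split(";")
    cookie_name = pair.partition("=")[0].strip()
    attrs = {}
    for part in attr_parts:
        key, _, val = part.partition("=")
        if key.strip():
            attrs[key.strip().lower()] = val.strip()
    return cookie_name, attrs

def cookies_missing_secure(raw_response):
    """Names of cookies that a browser would also send over plain http."""
    missing = []
    for value in set_cookie_values(raw_response):
        cookie_name, attrs = parse_cookie(value)
        # Only a standalone Secure attribute counts; "Path=/secure" or a cookie
        # value of "secure" does not set the flag.
        if "secure" not in attrs:
            missing.append(cookie_name)
    return missing

if __name__ == "__main__":
    print(cookies_missing_secure(SAMPLE_HTTPS_RESPONSE))
```

Parsing the attributes rather than searching the header for the substring "secure" avoids false negatives when the word appears in a path or a cookie value.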

Related identifiers

CVE-2013-0529

Affected products

IBM Sterling Connect:Direct