CVE-2014-6153

Name of the Vulnerable Software and Affected Versions IBM WebSphere Service Registry and Repository (WSRR) versions 6.3.x through 6.3.0.5 IBM WebSphere Service Registry and Repository (WSRR) versions 7.0.x through 7.0.0.5 IBM WebSphere Service Registry and Repository (WSRR) versions 7.5.x through 7.5.0.4 IBM WebSphere Service Registry and Repository (WSRR) versions 8.0.x before 8.0.0.3 IBM WebSphere Service Registry and Repository (WSRR) versions 8.5.x before 8.5.0.1

Description The Web UI in IBM WebSphere Service Registry and Repository (WSRR) does not set the secure flag for a cookie in an https session. This makes it easier for remote attackers to capture the cookie by intercepting its transmission within an http session.

Recommendations For versions 6.3.x through 6.3.0.5, update to a version after 6.3.0.5 to resolve the issue. For versions 7.0.x through 7.0.0.5, update to a version after 7.0.0.5 to resolve the issue. For versions 7.5.x through 7.5.0.4, update to a version after 7.5.0.4 to resolve the issue. For versions 8.0.x before 8.0.0.3, update to version 8.0.0.3 or later to resolve the issue. For versions 8.5.x before 8.5.0.1, update to version 8.5.0.1 or later to resolve the issue.