PT-2015-7553 · Ibm · Ibm Datapower Gateway
Published
2015-11-14
·
Updated
2015-11-16
·
CVE-2015-7427
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM DataPower Gateway appliances versions 6.x before 6.0.0.17
IBM DataPower Gateway appliances versions 6.0.1.x before 6.0.1.17
IBM DataPower Gateway appliances versions 7.x before 7.0.0.10
IBM DataPower Gateway appliances versions 7.1.0.x before 7.1.0.7
IBM DataPower Gateway appliances versions 7.2.x before 7.2.0.1
Description
The issue makes it easier for remote attackers to capture unspecified cookies by intercepting their transmission within an http session, as the secure flag is not set for these cookies in an https session.
Recommendations
For versions 6.x before 6.0.0.17, update to version 6.0.0.17 or later.
For versions 6.0.1.x before 6.0.1.17, update to version 6.0.1.17 or later.
For versions 7.x before 7.0.0.10, update to version 7.0.0.10 or later.
For versions 7.1.0.x before 7.1.0.7, update to version 7.1.0.7 or later.
For versions 7.2.x before 7.2.0.1, update to version 7.2.0.1 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Datapower Gateway