CVE-2016-0372

Name of the Vulnerable Software and Affected Versions IBM Rational Collaborative Lifecycle Management versions 3.0.1.6 through 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 Rational Quality Manager versions 3.0.1.6 through 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 Rational Team Concert versions 3.0.1.6 through 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 Rational DOORS Next Generation versions 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 Rational Engineering Lifecycle Manager versions 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 Rational Rhapsody Design Manager versions 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 Rational Software Architect Design Manager versions 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5

Description The issue arises because the affected software does not set the secure flag for the session cookie in an https session. This makes it easier for remote attackers to capture the cookie by intercepting its transmission within an http session.

Recommendations For IBM Rational Collaborative Lifecycle Management versions 3.0.1.6 through 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5, apply the respective iFix updates to resolve the issue. For Rational Quality Manager versions 3.0.1.6 through 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5, apply the respective iFix updates to resolve the issue. For Rational Team Concert versions 3.0.1.6 through 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5, apply the respective iFix updates to resolve the issue. For Rational DOORS Next Generation versions 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5, apply the respective iFix updates to resolve the issue. For Rational Engineering Lifecycle Manager versions 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5, apply the respective iFix updates to resolve the issue. For Rational Rhapsody Design Manager versions 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5, apply the respective iFix updates to resolve the issue. For Rational Software Architect Design Manager versions 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5, apply the respective iFix updates to resolve the issue.