Severity
4.3MEDIUM
EPSS
0.6%
top 30.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 24
Latest updateMay 17
Description
The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVSS vector
AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9
Affected Packages1 packages
🔴Vulnerability Details
2💬Community
1Bugzilla▶
CVE-2014-3577 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix↗2014-08-12