CVE-2015-2025
CWE tags: CWE-200 (Information Exposure); CWE-787 (Out-of-bounds Write); CWE-20 (Improper Input Validation); CWE-22 (Path Traversal); CWE-79 (Cross-site Scripting, XSS); CWE-416 (Use After Free); CWE-287 (Improper Authentication); CWE-120 (Classic Buffer Overflow); CWE-190 (Integer Overflow); CWE-776 (XML Entity Expansion, "Billion Laughs"); CWE-119 (Buffer Overflow)
Severity: 4.3 MEDIUM
EPSS: 0.3% (top 51.31%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Oct 4
Latest update: Oct 2
Description
IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVSS vector: AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9
Affected packages: 1 package
Patches