CVE-2014-6153

The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1IV64010
http://www.ibm.com/support/docview.wss?uid=swg21693379	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21693381	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21693384	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21693387	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21693389	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/97622
http://www-01.ibm.com/support/docview.wss?uid=swg1IV64010
http://www.ibm.com/support/docview.wss?uid=swg21693379	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21693381	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21693384	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21693387	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21693389	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/97622

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0:::::::*
	cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0.1:::::::*
	cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0.2:::::::*
	cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0.3:::::::*
	cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0.4:::::::*
	cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0.5:::::::*
	cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.0.0:::::::*
	cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.0.0.1:::::::*
	cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.0.0.2:::::::*
	cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.0.0.3:::::::*
	cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.0.0.4:::::::*
	cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.0.0.5:::::::*
	cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.5.0.0:::::::*
	cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.5.0.1:::::::*
	cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.5.0.2:::::::*
	cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.5.0.3:::::::*
	cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.5.0.4:::::::*
	cpe:2.3:a:ibm:websphere_service_registry_and_repository:8.0:::::::*
	cpe:2.3:a:ibm:websphere_service_registry_and_repository:8.0.0.1:::::::*
	cpe:2.3:a:ibm:websphere_service_registry_and_repository:8.0.0.2:::::::*
	cpe:2.3:a:ibm:websphere_service_registry_and_repository:8.5:::::::*

History

21 Nov 2024, 02:13

Type	Values Removed	Values Added
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg1IV64010 -~~	() http://www-01.ibm.com/support/docview.wss?uid=swg1IV64010 -
References	~~() http://www.ibm.com/support/docview.wss?uid=swg21693379 - Vendor Advisory~~	() http://www.ibm.com/support/docview.wss?uid=swg21693379 - Vendor Advisory
References	~~() http://www.ibm.com/support/docview.wss?uid=swg21693381 - Vendor Advisory~~	() http://www.ibm.com/support/docview.wss?uid=swg21693381 - Vendor Advisory
References	~~() http://www.ibm.com/support/docview.wss?uid=swg21693384 - Vendor Advisory~~	() http://www.ibm.com/support/docview.wss?uid=swg21693384 - Vendor Advisory
References	~~() http://www.ibm.com/support/docview.wss?uid=swg21693387 - Vendor Advisory~~	() http://www.ibm.com/support/docview.wss?uid=swg21693387 - Vendor Advisory
References	~~() http://www.ibm.com/support/docview.wss?uid=swg21693389 - Vendor Advisory~~	() http://www.ibm.com/support/docview.wss?uid=swg21693389 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/97622 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/97622 -

Information

Published : 2014-12-24 11:59

Updated : 2025-04-12 10:46

NVD link : CVE-2014-6153

Mitre link : CVE-2014-6153

CVE.ORG link : CVE-2014-6153

JSON object : View

Products Affected

ibm

websphere_service_registry_and_repository

CWE

CWE-310

Cryptographic Issues

{"id": "CVE-2014-6153", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-12-24T11:59:02.493", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64010", "source": "psirt@us.ibm.com"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg21693379", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg21693381", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg21693384", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg21693387", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg21693389", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97622", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64010", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg21693379", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg21693381", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg21693384", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg21693387", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg21693389", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97622", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."}, {"lang": "es", "value": "La interfaz de usuario web en IBM WebSphere Service Registry y Repository (WSRR) 6.3.x a trav\u00e9s de 6.3.0.5, 7.0.x a trav\u00e9s de7.0.0.5, 7.5.x a trav\u00e9s de7.5.0.4, 8.0.x anterior a 8.0.0.3, y 8.5.x anterior a 8.5.0.1 no establece el indicador de seguridad en una cookie de sesi\u00f3n https, lo cual hace m\u00e1s f\u00e1cil a atacantes remotos capturar dicha cookie interceptando la transmisi\u00f3n dentro de una sesi\u00f3n http."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61668962-B744-40C2-8FFA-D6E48E841049"}, {"criteria": "cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92100CDC-DDA3-4AB3-829E-A936707EE6D4"}, {"criteria": "cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB11FDAF-3927-4609-920A-14449229A771"}, {"criteria": "cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB8DA020-7993-4C6D-A9AC-8E7D02375677"}, {"criteria": "cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "482DF55E-119B-4B70-93DA-D6193C10D023"}, {"criteria": "cpe:2.3:a:ibm:websphere_service_registry_and_repository:6.3.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22A2E36E-5D69-4290-9FA7-649CF479D1AD"}, {"criteria": "cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F0A1926-D9D5-45EF-AA33-185093A88074"}, {"criteria": "cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AE93FF0-3F54-48CC-B300-C061ACDC4639"}, {"criteria": "cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB1D1124-9E01-4196-B851-E9A23F766E3A"}, {"criteria": "cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.0.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4ADF778C-0771-42DF-A8D7-9F725D9584C2"}, {"criteria": "cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.0.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EE7B42E-5A06-4DEE-80BF-D7F886AE813F"}, {"criteria": "cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.0.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74E51654-42DB-4400-B687-7134763AB451"}, {"criteria": "cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DFCC5E8-7DB0-445B-B063-7344B00DBFA8"}, {"criteria": "cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9569031-62CA-44C5-9FB0-69D107989BAF"}, {"criteria": "cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "669203FD-A817-4105-9862-6925A7347F32"}, {"criteria": "cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.5.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "998C56B9-E716-40AE-A692-0BCA22FD529A"}, {"criteria": "cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.5.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35BFBDE1-5658-41F6-BA2C-2AF21458C604"}, {"criteria": "cpe:2.3:a:ibm:websphere_service_registry_and_repository:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EE29478-9E09-4A39-9240-6281FCFD09A2"}, {"criteria": "cpe:2.3:a:ibm:websphere_service_registry_and_repository:8.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60672CF6-8FBF-432E-8F60-B45FA6F6E276"}, {"criteria": "cpe:2.3:a:ibm:websphere_service_registry_and_repository:8.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE60F797-DBCF-4A06-8C4E-9A42A1410304"}, {"criteria": "cpe:2.3:a:ibm:websphere_service_registry_and_repository:8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CF066A0-BF24-44B6-83E1-0D45CDFBC31A"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}

4.3 /10