{ "id": "CVE-2015-7427", "sourceIdentifier": "psirt@us.ibm.com", "published": "2015-11-14T03:59:07.850", "lastModified": "2015-11-16T19:20:12.227", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session." }, { "lang": "es", "value": "Dispositivos IBM DataPower Gateway con firmware 6.x en versiones anteriores a 6.0.0.17, 6.0.1.x en versiones anteriores a 6.0.1.17, 7.x en versiones anteriores a 7.0.0.10, 7.1.0.x en versiones anteriores a 7.1.0.7 y 7.2.x en versiones anteriores a 7.2.0.1 no establece el indicador de seguridad para cookies no especificadas en una sesi\u00f3n https, lo cual hace m\u00e1s f\u00e1cil para atacantes remotos capturar estas cookies interceptando su transmisi\u00f3n dentro de una sesi\u00f3n http." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-200" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*", "versionEndIncluding": "6.0.0.16", "matchCriteriaId": "E524A627-7C12-4690-8C0B-C8EC9E48E450" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EFE4D39-69BE-485E-A850-24EDF8E18BD8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5F3858D-8420-4131-B7D6-976CD3BBBAA5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FD00EC37-ED6D-4349-9A5F-BB21FCE24EDD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "58B546FD-78B5-4438-AADD-1572DE68B273" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "69590843-270E-4224-B63C-B589D629866D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "F83700E2-D030-4B21-98F0-0401CE4B569E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "AD706737-C241-41AD-B3F0-2A8E79633011" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "14F20A3A-7F6A-44FD-B24D-8C7948D1365B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "18023261-EB9D-43B1-8F91-0F68F4477E6D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "66D37310-6F69-4D24-9DF1-16327FA793B0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "769FA930-C092-4769-89B7-F25E5CCDB42D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "979409C4-7E43-441F-9805-F8BA3EA003C8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "488DC041-DF31-4D60-886A-7A4DDABAFA8B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "78335FFF-BD0A-4EC4-A6C8-21B6C7D35E34" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "6C03D6FB-28DA-4805-AAAF-D41FC0E0CB4A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "E1D2FE37-9E2A-476E-997E-631F68288648" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "B2C93C05-A6A1-4756-A155-62D952360FE7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2A38D3F1-B9B7-4507-9E7D-8D6BB6B4BA5E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCDD32DA-E5B7-4396-8DE4-EEE9E2A2578B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "102B1969-5BE1-4CC2-9588-691D715F4DA2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8EBFF6E-53A2-4187-801A-8640D941C717" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2A51FA23-9FF6-4236-9EBE-C063EA70211B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "16E0456B-A3DA-4E78-9566-11106CB57B86" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "79CAC5E6-15C2-4F22-A3D3-CA58A33903F8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B4A92C11-CB05-4D5F-A58D-1AC2A2AE49E1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "2A9C4B24-3F61-4790-920E-67A287F4FD27" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "3470C5C5-0023-433F-8266-05EDAC5E1C59" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A46CC198-5282-4398-9AA3-96FA18D1B76F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D48173CD-C84A-4A3A-A91A-E3808BFD0CCD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "5EDB53F0-8AFD-4ACC-A8EC-D910E5B77996" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "022E5711-C03B-4456-8F31-C7685E010FD7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1FEDAEBE-CB98-4B2B-A228-4B730401262F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "4BFA9D43-38AE-4331-8031-DE20A0DDB02A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A159909C-C85A-4A6D-B2FE-AAC130BAFC40" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D32139A0-894E-4A7D-AED8-4584B1680693" } ] } ] } ], "references": [ { "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT10279", "source": "psirt@us.ibm.com" }, { "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969342", "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ] } ] }