Lucene search
IbmCVE-2013-0540HistoryApr 24, 2013 - 10:28 a.m.
CVE-2013-0540
2013-04-2410:28:37
CWE-287
ibm
web.nvd.nist.gov
39
ibm
websphere
application server
liberty profile
cve-2013-0540
ssl
authentication
cookie validation
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
8.9
Confidence
High
EPSS
0.001
Percentile
44.2%
IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session.
Affected configurations
Node
ibmwebsphere_application_serverMatch8.5.0.0-liberty_profile
ORibmwebsphere_application_serverMatch8.5.0.1-liberty_profile
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | websphere_application_server | 8.5.0.0 | cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:-:liberty_profile:*:*:*:*:* |
| ibm | websphere_application_server | 8.5.0.1 | cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:-:liberty_profile:*:*:*:*:* |
Related
prion
prion
Authentication flaw
2013-04-24 10:28:00
cvelist
cvelist
CVE-2013-0540
2013-04-24 10:00:00
nvd
nvd
CVE-2013-0540
2013-04-24 10:28:37
openvas
openvas
IBM Websphere Application Server Multiple Vulnerabilities -13 (Jan 2016)
2016-01-20 00:00:00
ibm
ibm
nessus
nessus
IBM WebSphere Application Server 8.5 < Fix Pack 2 Multiple Vulnerabilities
2013-05-10 00:00:00
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
8.9
Confidence
High
EPSS
0.001
Percentile
44.2%
Related for CVE-2013-0540