Lucene search

[email protected]CVE-2016-2923

HistoryJul 07, 2016 - 2:59 p.m.

CVE-2016-2923

2016-07-0714:59:06

CWE-200

[email protected]

web.nvd.nist.gov

ibm

websphere

application server

was

security

cve-2016-2923

httponly

info disclosure

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.1 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.2%

JSON

IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Affected configurations

NVD

Node

ibmwebsphere_application_serverMatch8.5.5.0liberty

ibmwebsphere_application_serverMatch8.5.5.1liberty

ibmwebsphere_application_serverMatch8.5.5.2liberty

ibmwebsphere_application_serverMatch8.5.5.3liberty

ibmwebsphere_application_serverMatch8.5.5.4liberty

ibmwebsphere_application_serverMatch8.5.5.5liberty

ibmwebsphere_application_serverMatch8.5.5.6liberty

ibmwebsphere_application_serverMatch8.5.5.7liberty

ibmwebsphere_application_serverMatch8.5.5.8liberty

ibmwebsphere_application_serverMatch8.5.5.9liberty

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application servereq8.5.5.0
ibm:websphere_application_serveribm websphere application servereq8.5.5.1
ibm:websphere_application_serveribm websphere application servereq8.5.5.2
ibm:websphere_application_serveribm websphere application servereq8.5.5.3
ibm:websphere_application_serveribm websphere application servereq8.5.5.4
ibm:websphere_application_serveribm websphere application servereq8.5.5.5
ibm:websphere_application_serveribm websphere application servereq8.5.5.6
ibm:websphere_application_serveribm websphere application servereq8.5.5.7
ibm:websphere_application_serveribm websphere application servereq8.5.5.8
ibm:websphere_application_serveribm websphere application servereq8.5.5.9

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	eq	8.5.5.0
ibm:websphere_application_server	ibm websphere application server	eq	8.5.5.1
ibm:websphere_application_server	ibm websphere application server	eq	8.5.5.2
ibm:websphere_application_server	ibm websphere application server	eq	8.5.5.3
ibm:websphere_application_server	ibm websphere application server	eq	8.5.5.4
ibm:websphere_application_server	ibm websphere application server	eq	8.5.5.5
ibm:websphere_application_server	ibm websphere application server	eq	8.5.5.6
ibm:websphere_application_server	ibm websphere application server	eq	8.5.5.7
ibm:websphere_application_server	ibm websphere application server	eq	8.5.5.8
ibm:websphere_application_server	ibm websphere application server	eq	8.5.5.9

References

www-01.ibm.com/support/docview.wss?uid=swg1PI61936

www-01.ibm.com/support/docview.wss?uid=swg21983700

www.securityfocus.com/bid/91518

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.1 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.2%

JSON

Related for CVE-2016-2923

ibm10 prion1 nvd1 cvelist1 openvas1