CVE-2015-7427
Published Nov 14, 2015
Last updated 9 years ago
Overview
- Description
- IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.
- Source
- psirt@us.ibm.com
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E524A627-7C12-4690-8C0B-C8EC9E48E450",
"versionEndIncluding": "6.0.0.16"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6EFE4D39-69BE-485E-A850-24EDF8E18BD8"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A5F3858D-8420-4131-B7D6-976CD3BBBAA5"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FD00EC37-ED6D-4349-9A5F-BB21FCE24EDD"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "58B546FD-78B5-4438-AADD-1572DE68B273"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "69590843-270E-4224-B63C-B589D629866D"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F83700E2-D030-4B21-98F0-0401CE4B569E"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD706737-C241-41AD-B3F0-2A8E79633011"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "14F20A3A-7F6A-44FD-B24D-8C7948D1365B"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "18023261-EB9D-43B1-8F91-0F68F4477E6D"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "66D37310-6F69-4D24-9DF1-16327FA793B0"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "769FA930-C092-4769-89B7-F25E5CCDB42D"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "979409C4-7E43-441F-9805-F8BA3EA003C8"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "488DC041-DF31-4D60-886A-7A4DDABAFA8B"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "78335FFF-BD0A-4EC4-A6C8-21B6C7D35E34"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C03D6FB-28DA-4805-AAAF-D41FC0E0CB4A"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1D2FE37-9E2A-476E-997E-631F68288648"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.16:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B2C93C05-A6A1-4756-A155-62D952360FE7"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A38D3F1-B9B7-4507-9E7D-8D6BB6B4BA5E"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FCDD32DA-E5B7-4396-8DE4-EEE9E2A2578B"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "102B1969-5BE1-4CC2-9588-691D715F4DA2"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D8EBFF6E-53A2-4187-801A-8640D941C717"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A51FA23-9FF6-4236-9EBE-C063EA70211B"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "16E0456B-A3DA-4E78-9566-11106CB57B86"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "79CAC5E6-15C2-4F22-A3D3-CA58A33903F8"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B4A92C11-CB05-4D5F-A58D-1AC2A2AE49E1"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A9C4B24-3F61-4790-920E-67A287F4FD27"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3470C5C5-0023-433F-8266-05EDAC5E1C59"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A46CC198-5282-4398-9AA3-96FA18D1B76F"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D48173CD-C84A-4A3A-A91A-E3808BFD0CCD"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5EDB53F0-8AFD-4ACC-A8EC-D910E5B77996"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "022E5711-C03B-4456-8F31-C7685E010FD7"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1FEDAEBE-CB98-4B2B-A228-4B730401262F"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4BFA9D43-38AE-4331-8031-DE20A0DDB02A"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A159909C-C85A-4A6D-B2FE-AAC130BAFC40"
},
{
"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D32139A0-894E-4A7D-AED8-4584B1680693"
}
],
"operator": "OR"
}
]
}
]