CVE-2015-7427

Published Nov 14, 2015
Last updated 9 years ago
CVSS info 5.0
Overview

Description: IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.
Source: psirt@us.ibm.com
NVD status: Analyzed
Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses

nvd@nist.gov: CWE-200
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E524A627-7C12-4690-8C0B-C8EC9E48E450",
            "versionEndIncluding": "6.0.0.16"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EFE4D39-69BE-485E-A850-24EDF8E18BD8"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5F3858D-8420-4131-B7D6-976CD3BBBAA5"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD00EC37-ED6D-4349-9A5F-BB21FCE24EDD"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58B546FD-78B5-4438-AADD-1572DE68B273"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69590843-270E-4224-B63C-B589D629866D"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F83700E2-D030-4B21-98F0-0401CE4B569E"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD706737-C241-41AD-B3F0-2A8E79633011"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14F20A3A-7F6A-44FD-B24D-8C7948D1365B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18023261-EB9D-43B1-8F91-0F68F4477E6D"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66D37310-6F69-4D24-9DF1-16327FA793B0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "769FA930-C092-4769-89B7-F25E5CCDB42D"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "979409C4-7E43-441F-9805-F8BA3EA003C8"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "488DC041-DF31-4D60-886A-7A4DDABAFA8B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78335FFF-BD0A-4EC4-A6C8-21B6C7D35E34"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C03D6FB-28DA-4805-AAAF-D41FC0E0CB4A"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1D2FE37-9E2A-476E-997E-631F68288648"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2C93C05-A6A1-4756-A155-62D952360FE7"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A38D3F1-B9B7-4507-9E7D-8D6BB6B4BA5E"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCDD32DA-E5B7-4396-8DE4-EEE9E2A2578B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "102B1969-5BE1-4CC2-9588-691D715F4DA2"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8EBFF6E-53A2-4187-801A-8640D941C717"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A51FA23-9FF6-4236-9EBE-C063EA70211B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16E0456B-A3DA-4E78-9566-11106CB57B86"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79CAC5E6-15C2-4F22-A3D3-CA58A33903F8"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4A92C11-CB05-4D5F-A58D-1AC2A2AE49E1"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A9C4B24-3F61-4790-920E-67A287F4FD27"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3470C5C5-0023-433F-8266-05EDAC5E1C59"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A46CC198-5282-4398-9AA3-96FA18D1B76F"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D48173CD-C84A-4A3A-A91A-E3808BFD0CCD"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EDB53F0-8AFD-4ACC-A8EC-D910E5B77996"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "022E5711-C03B-4456-8F31-C7685E010FD7"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FEDAEBE-CB98-4B2B-A228-4B730401262F"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BFA9D43-38AE-4331-8031-DE20A0DDB02A"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A159909C-C85A-4A6D-B2FE-AAC130BAFC40"
          },
          {
            "criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D32139A0-894E-4A7D-AED8-4584B1680693"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References
