{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-04-15T00:00:00", "descriptions": [{"lang": "en", "value": "IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?&uid=swg21632423"}, {"name": "PM81056", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM81056"}, {"name": "was-ssl-sec-bypass(82695)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82695"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-0540", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-01.ibm.com/support/docview.wss?&uid=swg21632423", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?&uid=swg21632423"}, {"name": "PM81056", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM81056"}, {"name": "was-ssl-sec-bypass(82695)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82695"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-0540", "datePublished": "2013-04-24T10:00:00", "dateReserved": "2012-12-16T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:-:liberty_profile:*:*:*:*:*", "matchCriteriaId": "C59741DC-50CD-4F5A-BCB1-EB3B9AD58662", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:-:liberty_profile:*:*:*:*:*", "matchCriteriaId": "24016607-3BB3-409E-B2A3-C8A19CE9FB15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session."}, {"lang": "es", "value": "IBM WebSphere Application Server (WAS) Liberty Profile v8.5 antes de v8.5.0.2, cuando SSL no est\u00e1 habilitado, no se valida correctamente las cookies de autenticaci\u00f3n, lo que permite a usuarios remotos autenticados eludir las restricciones de acceso destinados a trav\u00e9s de una sesi\u00f3n HTTP."}], "id": "CVE-2013-0540", "lastModified": "2017-08-29T01:33:05.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-04-24T10:28:37.470", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?&uid=swg21632423"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM81056"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82695"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}