IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: ibm
Published: 2013-04-24T10:00:00
Updated: 2017-08-28T12:57:01
Reserved: 2012-12-16T00:00:00
Link: CVE-2013-0540
JSON object: View
NVD Information
Status : Modified
Published: 2013-04-24T10:28:37.470
Modified: 2017-08-29T01:33:05.747
Link: CVE-2013-0540
JSON object: View
Redhat Information
No data.
CWE