CVE-2015-5183 - OpenCVE

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Jboss Enterprise Web Server Amq Jboss A-mq

Configuration 1 [-]

OR	cpe:2.3:a:redhat:amq::::::::
	cpe:2.3:a:redhat:jboss_a-mq:7:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:::::::*

References

Link	Resource
http://www.securitytracker.com/id/1041750	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:2840	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1249182	Issue Tracking Vendor Advisory
https://lists.apache.org/thread.html/9e3391878c6840b294155f7ba6ccb47586e317f85c1bbd15c4608bd0%40%3Cdev.activemq.apache.org%3E
https://lists.apache.org/thread.html/r51c60b28154fe7b634e5f5b7a7fc7f6f060487b39a7b5e95e2c32047%40%3Cdev.activemq.apache.org%3E
https://lists.apache.org/thread.html/r63480b481eb5922465da102d97d0906d8823687f99ef3255ebc32be8%40%3Cdev.activemq.apache.org%3E
https://lists.apache.org/thread.html/rb280e767ab199767e07a367f287ba08a9692fa76e2da4a20d50d07c4%40%3Cdev.activemq.apache.org%3E

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2017-09-25T21:00:00

Updated: 2021-01-05T09:06:10

Reserved: 2015-07-01T00:00:00

Link: CVE-2015-5183

JSON object: View

NVD Information

Status : Modified

Published: 2017-09-25T21:29:00.413

Modified: 2023-11-07T02:26:03.260

Link: CVE-2015-5183

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-07-31T00:00:00", "descriptions": [{"lang": "en", "value": "Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-05T09:06:10", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "1041750", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041750"}, {"name": "RHSA-2018:2840", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2840"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249182"}, {"name": "[activemq-dev] 20191018 Re: NIST CVEs for ActiveMQ", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/9e3391878c6840b294155f7ba6ccb47586e317f85c1bbd15c4608bd0%40%3Cdev.activemq.apache.org%3E"}, {"name": "[activemq-dev] 20200225 CVE-2015-5183", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r63480b481eb5922465da102d97d0906d8823687f99ef3255ebc32be8%40%3Cdev.activemq.apache.org%3E"}, {"name": "[activemq-dev] 20200226 Re: CVE-2015-5183", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r51c60b28154fe7b634e5f5b7a7fc7f6f060487b39a7b5e95e2c32047%40%3Cdev.activemq.apache.org%3E"}, {"name": "[activemq-dev] 20210105 Re: CVE-2015-5183", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rb280e767ab199767e07a367f287ba08a9692fa76e2da4a20d50d07c4%40%3Cdev.activemq.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-5183", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1041750", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041750"}, {"name": "RHSA-2018:2840", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2840"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1249182", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249182"}, {"name": "[activemq-dev] 20191018 Re: NIST CVEs for ActiveMQ", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/9e3391878c6840b294155f7ba6ccb47586e317f85c1bbd15c4608bd0@%3Cdev.activemq.apache.org%3E"}, {"name": "[activemq-dev] 20200225 CVE-2015-5183", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r63480b481eb5922465da102d97d0906d8823687f99ef3255ebc32be8@%3Cdev.activemq.apache.org%3E"}, {"name": "[activemq-dev] 20200226 Re: CVE-2015-5183", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r51c60b28154fe7b634e5f5b7a7fc7f6f060487b39a7b5e95e2c32047@%3Cdev.activemq.apache.org%3E"}, {"name": "[activemq-dev] 20210105 Re: CVE-2015-5183", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rb280e767ab199767e07a367f287ba08a9692fa76e2da4a20d50d07c4@%3Cdev.activemq.apache.org%3E"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-5183", "datePublished": "2017-09-25T21:00:00", "dateReserved": "2015-07-01T00:00:00", "dateUpdated": "2021-01-05T09:06:10", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:amq:*:*:*:*:*:*:*:*", "matchCriteriaId": "85E45086-25EB-4462-A7AB-2620FB309052", "versionEndExcluding": "6.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*", "matchCriteriaId": "A58966CB-36AF-4E64-AB39-BE3A0753E155", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "14259BF1-3601-4BF1-A591-FC4DE1639C57", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ."}, {"lang": "es", "value": "Consola: Atributos de HTTPOnly y Secure no establecidos en las cookies de Red Hat AMQ."}], "id": "CVE-2015-5183", "lastModified": "2023-11-07T02:26:03.260", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-25T21:29:00.413", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041750"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2840"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249182"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/9e3391878c6840b294155f7ba6ccb47586e317f85c1bbd15c4608bd0%40%3Cdev.activemq.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r51c60b28154fe7b634e5f5b7a7fc7f6f060487b39a7b5e95e2c32047%40%3Cdev.activemq.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r63480b481eb5922465da102d97d0906d8823687f99ef3255ebc32be8%40%3Cdev.activemq.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rb280e767ab199767e07a367f287ba08a9692fa76e2da4a20d50d07c4%40%3Cdev.activemq.apache.org%3E"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}