IBM Multiple Product Authentication Cookie Session Hijacking

2004-06-02T04:00:07
ID OSVDB:6625
Type osvdb
Reporter OSVDB
Modified 2004-06-02T04:00:07

Description

Vulnerability Description

Various IBM Tivoli applications contain a flaw that may lead to unauthorized information disclosure. The issue is triggered by improper handling of cookies when the session is authenticated through a form, which could disclose restricted or sensitive information, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released patches to address this vulnerability.

References:

Secunia Advisory ID: 11761
Other Advisory URL: http://www-1.ibm.com/support/docview.wss?uid=swg21168762
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0018.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0091.html
Keyword: aka "Potential Credential Impersonation Attack."
ISS X-Force ID: 16315
CVE-2004-2558
Bugtraq ID: 10449