Lucene search

386 matches found

Cvelist
added 2019/02/21 5:0 p.m. | 13 views

CVE-2018-1948

IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes...

4.3 CVSS | 3.9 AI score | 0.01139 EPSS
Exploits 0 | References 2
Cvelist
added 2019/01/07 3:0 p.m. | 17 views

CVE-2018-5481

OnCommand Unified Manager for 7-Mode core package prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances, making it vulnerable to impersonation via man-in-the-middle (MITM) attacks...

7.3 AI score | 0.00648 EPSS
Exploits 0 | References 1
Prion
added 2019/01/07 2:29 p.m. | 17 views

Design/Logic Flaw

OnCommand Unified Manager for 7-Mode core package prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances, making it vulnerable to impersonation via man-in-the-middle (MITM) attacks...

5.8 CVSS | 7.3 AI score | 0.00648 EPSS
Exploits 0 | References 1 | Affected Software 1
OSV
added 2018/12/13 4:29 p.m. | 2 views

CVE-2018-1804

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703...

3.7 CVSS | 5.8 AI score | 0.00915 EPSS
Exploits 0 | References 2
CVE
added 2018/12/13 4:0 p.m. | 53 views

CVE-2018-1804

IBM Security Access Manager Appliance is affected by CVE-2018-1804 due to not setting the secure attribute on authorization tokens or session cookies, enabling potential exposure of sensitive information via MITM. Affected versions: 9.0.1.0–9.0.5.0. Impact is described as information disclosure u...

4.3 CVSS | 4.8 AI score | 0.00915 EPSS
Exploits 0 | References 2 | Affected Software 1
OSV
added 2018/12/12 4:29 p.m. | 4 views

CVE-2018-1484

IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be...

3.7 CVSS | 5.6 AI score | 0.0101 EPSS
Exploits 0 | References 2
RedHat Linux
added 2018/10/01 7:42 p.m. | 137 views

Low: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R9 security and bug fix update

An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

7.5 CVSS | 7.2 AI score | 0.02204 EPSS
Exploits 0 | References 4
RedHat Linux
added 2018/10/01 7:42 p.m. | 3 views

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ

It was found that Hawtio console does not set HTTPOnly or Secure attributes on cookies. An attacker could use this flaw to retrieve an authenticated user's SessionID, and possibly conduct further attacks with the permissions of the authenticated user...

7.5 CVSS | 5.8 AI score | 0.02204 EPSS
Exploits 0 | References 4
OSV
added 2018/08/17 4:29 p.m. | 4 views

CVE-2017-1732

IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be...

5.3 CVSS | 5.6 AI score | 0.0133 EPSS
Exploits 0 | References 2
OSV
added 2018/08/06 2:29 p.m. | 1 views

CVE-2017-1368

IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie...

6.5 CVSS | 5.6 AI score | 0.01278 EPSS
Exploits 0 | References 2
IBM Security Bulletins
added 2018/06/16 9:59 p.m. | 25 views

Security Bulletin: IBM Tivoli Federated Identity Manager is affected by a missing secure attribute in the encrypted session (SSL) cookie (CVE-2017-1319)

Summary: IBM Tivoli Federated Identity Manager is affected by a vulnerability due to a missing secure attribute in the encrypted session (SSL) cookie. Vulnerability Details: CVEID: CVE-2017-1319 DESCRIPTION: IBM Tivoli Federated Identity Manager is affected by a vulnerability due to a missing secure...

7.5 CVSS | 1.2 AI score | 0.01009 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2018/06/16 9:31 p.m. | 20 views

Security Bulletin: IBM QRadar Incident Forensics is vulnerable to a man in the middle attack. (CVE-2015-1993)

Summary: Several cookies in QRadar Incident Forensics are missing the secure attribute. This allows attackers with Man in The Middle position access to steal the cookie value by tricking the victim to navigate to the site on an unencrypted connection. Vulnerability Details: CVE-ID: CVE-2015-1993...

5 CVSS | 0.5 AI score | 0.01209 EPSS
Exploits 1 | Affected Software 1
BDU FSTEC
added 2017/11/03 12:0 a.m. | 3 views

The vulnerability of the Hawtio web console in the Apache ActiveMQ software platform allows a malicious actor to reuse the session identifier of an authenticated user.

The vulnerability of the Hawtio web console in the Apache ActiveMQ software platform stems from the lack of setting the HTTPOnly or Secure attributes for cookie files. Exploiting this vulnerability allows a malicious actor to repeatedly use the authenticated user’s session identifier remotely...

7.5 CVSS | 7.4 AI score | 0.02204 EPSS
Exploits 0 | References 2
Prion
added 2017/06/08 9:29 p.m. | 17 views

Code injection

IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in the encrypted session (SSL) cookie. IBM X-Force ID: 125731...

5 CVSS | 7.1 AI score | 0.01009 EPSS
Exploits 0 | References 3 | Affected Software 1
Tenable Nessus
added 2014/10/10 12:0 a.m. | 178 views

F5 Networks BIG-IP : HTTP cookie vulnerability (SOL15406)

The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server. CVE-2004-0462 C Tenable Network Security, Inc. The...

2.1 CVSS | 5.4 AI score | 0.00433 EPSS
Exploits 0 | References 2
Atlassian
added 2013/10/21 3:42 a.m. | 22 views

The xsrf cookie token is not a 'secure' cookie for secure('https') requests

To prevent man-in-the-middle attacks, the xsrf cookie token should have the 'secure' attribute set...

2.1 AI score
Exploits 0 | Affected Software 1
Atlassian
added 2013/10/21 3:42 a.m. | 15 views

The xsrf cookie token is not a 'secure' cookie for secure('https') requests

To prevent man-in-the-middle attacks, the xsrf cookie token should have the 'secure' attribute set...

2.1 AI score
Exploits 0 | Affected Software 1
Atlassian
added 2012/07/27 7:41 a.m. | 15 views

The csrf token cookie should be a 'secure' cookie like the sessionid cookie

NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-46613. That is, the csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1....

1.7 AI score
Exploits 0 | Affected Software 1
Atlassian
added 2012/07/27 7:41 a.m. | 17 views

The csrf token cookie should be a 'secure' cookie like the sessionid cookie

NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report: http://jira.atlassian.com/browse/CONFSERVER-46613. That is, the csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1...

1.7 AI score
Exploits 0 | Affected Software 1
Atlassian
added 2012/07/27 7:41 a.m. | 15 views

The csrf token cookie should be a 'secure' cookie like the sessionid cookie

That is, the csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1.4, setting CSRF_COOKIE_SECURE to True in settings.py will fix this problem...

2.2 AI score
Exploits 0 | Affected Software 1