CVE-2015-7427

{"id": "CVE-2015-7427", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-11-14T03:59:07.850", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT10279", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969342", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session."}, {"lang": "es", "value": "Dispositivos IBM DataPower Gateway con firmware 6.x en versiones anteriores a 6.0.0.17, 6.0.1.x en versiones anteriores a 6.0.1.17, 7.x en versiones anteriores a 7.0.0.10, 7.1.0.x en versiones anteriores a 7.1.0.7 y 7.2.x en versiones anteriores a 7.2.0.1 no establece el indicador de seguridad para cookies no especificadas en una sesi\u00f3n https, lo cual hace m\u00e1s f\u00e1cil para atacantes remotos capturar estas cookies interceptando su transmisi\u00f3n dentro de una sesi\u00f3n http."}], "lastModified": "2015-11-16T19:20:12.227", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E524A627-7C12-4690-8C0B-C8EC9E48E450", "versionEndIncluding": "6.0.0.16"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EFE4D39-69BE-485E-A850-24EDF8E18BD8"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5F3858D-8420-4131-B7D6-976CD3BBBAA5"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD00EC37-ED6D-4349-9A5F-BB21FCE24EDD"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58B546FD-78B5-4438-AADD-1572DE68B273"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69590843-270E-4224-B63C-B589D629866D"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F83700E2-D030-4B21-98F0-0401CE4B569E"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD706737-C241-41AD-B3F0-2A8E79633011"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14F20A3A-7F6A-44FD-B24D-8C7948D1365B"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18023261-EB9D-43B1-8F91-0F68F4477E6D"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66D37310-6F69-4D24-9DF1-16327FA793B0"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "769FA930-C092-4769-89B7-F25E5CCDB42D"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "979409C4-7E43-441F-9805-F8BA3EA003C8"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "488DC041-DF31-4D60-886A-7A4DDABAFA8B"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78335FFF-BD0A-4EC4-A6C8-21B6C7D35E34"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C03D6FB-28DA-4805-AAAF-D41FC0E0CB4A"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1D2FE37-9E2A-476E-997E-631F68288648"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:6.0.1.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2C93C05-A6A1-4756-A155-62D952360FE7"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A38D3F1-B9B7-4507-9E7D-8D6BB6B4BA5E"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCDD32DA-E5B7-4396-8DE4-EEE9E2A2578B"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "102B1969-5BE1-4CC2-9588-691D715F4DA2"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8EBFF6E-53A2-4187-801A-8640D941C717"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A51FA23-9FF6-4236-9EBE-C063EA70211B"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16E0456B-A3DA-4E78-9566-11106CB57B86"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79CAC5E6-15C2-4F22-A3D3-CA58A33903F8"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4A92C11-CB05-4D5F-A58D-1AC2A2AE49E1"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A9C4B24-3F61-4790-920E-67A287F4FD27"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.0.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3470C5C5-0023-433F-8266-05EDAC5E1C59"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A46CC198-5282-4398-9AA3-96FA18D1B76F"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D48173CD-C84A-4A3A-A91A-E3808BFD0CCD"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EDB53F0-8AFD-4ACC-A8EC-D910E5B77996"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "022E5711-C03B-4456-8F31-C7685E010FD7"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FEDAEBE-CB98-4B2B-A228-4B730401262F"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BFA9D43-38AE-4331-8031-DE20A0DDB02A"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.1.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A159909C-C85A-4A6D-B2FE-AAC130BAFC40"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:7.2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D32139A0-894E-4A7D-AED8-4584B1680693"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}