Количество 3
Количество 3
CVE-2016-2923
IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
GHSA-gv7c-7f95-pv44
IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
BDU:2016-01700
Уязвимость сервера приложений WebSphere Application Server, позволяющая нарушителю получить доступ к защищаемой информации
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2016-2923 IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | CVSS3: 7.5 | 0% Низкий | больше 9 лет назад |
| GHSA-gv7c-7f95-pv44 IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | CVSS3: 7.5 | 0% Низкий | больше 3 лет назад |
 | BDU:2016-01700 Уязвимость сервера приложений WebSphere Application Server, позволяющая нарушителю получить доступ к защищаемой информации | CVSS2: 5 | 0% Низкий | больше 9 лет назад |
Уязвимостей на страницу