VDB-107087 · CVE-2015-5183 · Bug 1249182

Red Hat JBoss A-MQ HawtIO Console Cookie 7pk security

A vulnerability was found in Red Hat JBoss A-MQ (Application Server Software) (unknown version) and classified as critical. This issue affects an unknown functionality of the component HawtIO Console. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field	09/26/2017 09:00 AM	11/19/2019 11:35 AM	01/14/2021 12:02 PM
cvss3_nvd_basescore	6.3	6.3	6.3
type	Application Server Software	Application Server Software	Application Server Software
vendor	Red Hat	Red Hat	Red Hat
name	JBoss A-MQ	JBoss A-MQ	JBoss A-MQ
component	HawtIO Console	HawtIO Console	HawtIO Console
input_type	Cookie	Cookie	Cookie
cwe	254 (privilege escalation)	254 (privilege escalation)	254 (privilege escalation)
risk	1	1	1
historic	0	0	0
cvss2_vuldb_basescore	7.5	7.5	7.5
cvss2_vuldb_tempscore	7.5	7.5	7.5
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_nvd_av	N	N	N
cvss2_nvd_ac	L	L	L
cvss2_nvd_au	N	N	N
cvss2_nvd_ci	P	P	P
cvss2_nvd_ii	P	P	P
cvss2_nvd_ai	P	P	P
cvss3_meta_basescore	6.3	6.3	6.3
cvss3_meta_tempscore	6.3	6.3	6.3
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	6.3	6.3	6.3
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_nvd_av	N	N	N
cvss3_nvd_ac	L	L	L
cvss3_nvd_pr	L	L	L
cvss3_nvd_ui	N	N	N
cvss3_nvd_s	U	U	U
cvss3_nvd_c	L	L	L
cvss3_nvd_i	L	L	L
cvss3_nvd_a	L	L	L
date	1506297600 (09/25/2017)	1506297600 (09/25/2017)	1506297600 (09/25/2017)
location	Bugzilla	Bugzilla	Bugzilla
type	Bug Report	Bug Report	Bug Report
url	https://bugzilla.redhat.com/show_bug.cgi?id=1249182	https://bugzilla.redhat.com/show_bug.cgi?id=1249182	https://bugzilla.redhat.com/show_bug.cgi?id=1249182
identifier	Bug 1249182	Bug 1249182	Bug 1249182
price_0day	$5k-$25k	$5k-$25k	$5k-$25k
cve	CVE-2015-5183	CVE-2015-5183	CVE-2015-5183
cve_assigned	1435708800	1435708800	1435708800
cve_nvd_published	1506297600	1506297600	1506297600
cve_nvd_summary	The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes on cookies.	The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes on cookies.	The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes on cookies.
seealso	107088 107086 107085	107088 107086 107085	107088 107086 107085
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	ND	ND	ND
cvss2_vuldb_rc	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	X	X	X
cvss3_vuldb_rc	X	X	X
0day_days	787	787	787
discoverydate		1438300800	1438300800
confirm_url		https://bugzilla.redhat.com/show_bug.cgi?id=1249182	https://bugzilla.redhat.com/show_bug.cgi?id=1249182
sectracker			1041750
cvss2_nvd_basescore			7.5

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!