Red Hat JBoss A-MQ HawtIO Console Cookie 7pk security

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in Red Hat JBoss A-MQ (Application Server Software) (unknown version) and classified as critical. This issue affects an unknown functionality of the component HawtIO Console. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field09/26/2017 09:00 AM11/19/2019 11:35 AM01/14/2021 12:02 PM
cvss3_nvd_basescore6.36.36.3
typeApplication Server SoftwareApplication Server SoftwareApplication Server Software
vendorRed HatRed HatRed Hat
nameJBoss A-MQJBoss A-MQJBoss A-MQ
componentHawtIO ConsoleHawtIO ConsoleHawtIO Console
input_typeCookieCookieCookie
cwe254 (privilege escalation)254 (privilege escalation)254 (privilege escalation)
risk111
historic000
cvss2_vuldb_basescore7.57.57.5
cvss2_vuldb_tempscore7.57.57.5
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_nvd_avNNN
cvss2_nvd_acLLL
cvss2_nvd_auNNN
cvss2_nvd_ciPPP
cvss2_nvd_iiPPP
cvss2_nvd_aiPPP
cvss3_meta_basescore6.36.36.3
cvss3_meta_tempscore6.36.36.3
cvss3_vuldb_basescore6.36.36.3
cvss3_vuldb_tempscore6.36.36.3
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_nvd_avNNN
cvss3_nvd_acLLL
cvss3_nvd_prLLL
cvss3_nvd_uiNNN
cvss3_nvd_sUUU
cvss3_nvd_cLLL
cvss3_nvd_iLLL
cvss3_nvd_aLLL
date1506297600 (09/25/2017)1506297600 (09/25/2017)1506297600 (09/25/2017)
locationBugzillaBugzillaBugzilla
typeBug ReportBug ReportBug Report
urlhttps://bugzilla.redhat.com/show_bug.cgi?id=1249182https://bugzilla.redhat.com/show_bug.cgi?id=1249182https://bugzilla.redhat.com/show_bug.cgi?id=1249182
identifierBug 1249182Bug 1249182Bug 1249182
price_0day$5k-$25k$5k-$25k$5k-$25k
cveCVE-2015-5183CVE-2015-5183CVE-2015-5183
cve_assigned143570880014357088001435708800
cve_nvd_published150629760015062976001506297600
cve_nvd_summaryThe Hawtio console in A-MQ does not set HTTPOnly or Secure attributes on cookies.The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes on cookies.The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes on cookies.
seealso107088 107086 107085107088 107086 107085107088 107086 107085
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss3_vuldb_rlXXX
cvss3_vuldb_rcXXX
0day_days787787787
discoverydate14383008001438300800
confirm_urlhttps://bugzilla.redhat.com/show_bug.cgi?id=1249182https://bugzilla.redhat.com/show_bug.cgi?id=1249182
sectracker1041750
cvss2_nvd_basescore7.5

Interested in the pricing of exploits?

See the underground prices here!