Detections
Analytics

IBM Jazz Team Server Session Cookie Information Disclosure

medium Nessus Plugin ID 78066

Language:

Synopsis

The remote web application is utilizing an insecure session cookie.

Description

The remote IBM Jazz Team server is using a session cookie without the 'Secure' flag. A failure to set this flag may allow an attacker to intercept the cookie.

Solution

Upgrade to the recommended version according to the vendor advisory.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg21682787

Plugin Details

Severity: Medium

ID: 78066

File Name: ibm_jazz_team_server_cve_2014_3092.nasl

Version: 1.6

Type: remote

Family: CGI abuses

Published: 10/6/2014

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2014-3092

Vulnerability Information

CPE: x-cpe:/a:ibm:jazz_team_server

Required KB Items: installed_sw/IBM Jazz Team Server

Exploit Ease: No known exploits are available

Patch Publication Date: 9/9/2014

Vulnerability Publication Date: 9/9/2014

Reference Information

CVE: CVE-2014-3092

BID: 69775