IBM Jazz Team Server Session Cookie Information Disclosure

medium Nessus Plugin ID 78066

Synopsis

The remote web application is utilizing an insecure session cookie.

Description

The remote IBM Jazz Team Server is using a session cookie without the 'Secure' flag. Without this flag, the browser may send the cookie over an unencrypted connection, which may allow an attacker to intercept it.

Solution

Upgrade to the recommended version according to the vendor advisory.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg21682787

Plugin Details

Severity: Medium

ID: 78066

File Name: ibm_jazz_team_server_cve_2014_3092.nasl

Version: 1.6

Type: remote

Family: CGI abuses

Published: 10/6/2014

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2014-3092

Vulnerability Information

CPE: x-cpe:/a:ibm:jazz_team_server

Required KB Items: installed_sw/IBM Jazz Team Server

Exploit Ease: No known exploits are available

Patch Publication Date: 9/9/2014

Vulnerability Publication Date: 9/9/2014

Reference Information

CVE: CVE-2014-3092

BID: 69775