NVD

Id
16797  
Name
CVE-2016-0372  
Description
IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-19  
Published
2016-11-24  
Modified Date
2016-11-28  
Seq
2016-0372  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
93365 16797 CVE-2016-0372 http://www-01.ibm.com/support/docview.wss?uid=swg21991478  View
93366 16797 CVE-2016-0372 94541  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
5173 JVNDB-2016-005946 複数の IBM Rational 製品における Cookie をキャプチャされる脆弱性 複数の IBM Rational 製品は、https セッションの Cookie に対して secure フラグを設定しないため、当該の Cookie をキャプチャされる脆弱性が存在します。 CVE-2016-0372 86576 CVE-2016-0372 16797 4.3 3.7 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-005946.html 2016-09-30 2016-11-28 View