It was found that JBoss A-MQ's Hawtio console does not set the HttpOnly or Secure attributes on cookies. An attacker could use this flaw to retrieve an authenticated user's session ID, and possibly conduct further attacks with the permissions of the authenticated user.
Find out more about CVE-2015-5183 from the MITRE CVE dictionary and NIST NVD.
Platform | Errata | Release Date |
---|---|---|
Red Hat JBoss A-MQ 6.3 | RHSA-2018:2840 | 2018-10-01 |
Red Hat JBoss Fuse 6.3 | RHSA-2018:2840 | 2018-10-01 |
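
As an added example (not part of the Red Hat advisory or the Hawtio code base), the following Python check parses `Set-Cookie` header values and reports which of the two attributes named above are missing from the session cookie. The cookie name `JSESSIONID`, the `/hawtio` path and all header values are constructed assumptions.

```python
# Added example: report missing HttpOnly / Secure attributes on Set-Cookie headers.
# All header values below are constructed samples, not captured console output.

REQUIRED = ("HttpOnly", "Secure")


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, set of lower-cased attribute names)."""
    first, *rest = header.split(";")
    name = first.partition("=")[0].strip()
    # Attributes are case-insensitive; flags such as HttpOnly carry no "=value".
    attrs = {p.partition("=")[0].strip().lower() for p in rest if p.strip()}
    return name, attrs


def missing_attributes(header):
    """Return (cookie name, list of required attributes the header lacks)."""
    name, attrs = parse_set_cookie(header)
    return name, [a for a in REQUIRED if a.lower() not in attrs]


def audit(headers, session_names=("JSESSIONID",)):
    """Map each session cookie name to its missing attributes (empty list = ok).

    session_names is an assumption: JSESSIONID is the servlet default name.
    """
    wanted = {n.lower() for n in session_names}
    report = {}
    for header in headers:
        name, missing = missing_attributes(header)
        if name.lower() in wanted:
            report[name] = missing
    return report


SAMPLE_WEAK = "JSESSIONID=1a2b3c4d; Path=/hawtio"
SAMPLE_HARDENED = "JSESSIONID=1a2b3c4d; Path=/hawtio; secure; HTTPONLY"
# The value contains the attribute words; a substring match would wrongly pass it.
SAMPLE_DECOY = "theme=secure-httponly; Path=/"

if __name__ == "__main__":
    for h in (SAMPLE_WEAK, SAMPLE_HARDENED, SAMPLE_DECOY):
        print(h, "->", missing_attributes(h))
```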