IBM WebSphere Application Server (WAS) 8.5 up to and including 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote malicious users to obtain potentially sensitive information via script access to this cookie.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm websphere application server 8.5.5.9 |
||
ibm websphere application server 8.5.5.8 |
||
ibm websphere application server 8.5.5.1 |
||
ibm websphere application server 8.5.5.0 |
||
ibm websphere application server 8.5.5.3 |
||
ibm websphere application server 8.5.5.2 |
||
ibm websphere application server 8.5.5.7 |
||
ibm websphere application server 8.5.5.6 |
||
ibm websphere application server 8.5.5.5 |
||
ibm websphere application server 8.5.5.4 |