CVE-2016-0372 (rational_collaborative_lifecycle_management, rational_doors_next_generation, rational_engineering_lifecycle_manager, rational_quality_manager, rational_rhapsody_design_manager, rational_software_architect_design_manager, rational_team_concert)

CVE-2016-0372 (rational_collaborative_lifecycle_management, rational_doors_next_generation, rational_engineering_lifecycle_manager, rational_quality_manager, rational_rhapsody_design_manager, rational_software_architect_design_manager, rational_team_concert)

IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Source: CVE-2016-0372 (rational_collaborative_lifecycle_management, rational_doors_next_generation, rational_engineering_lifecycle_manager, rational_quality_manager, rational_rhapsody_design_manager, rational_software_architect_design_manager, rational_team_concert)

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다