CVE-2015-5183
Description
Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — https://bugzilla.redhat.com/show_bug.cgi?id=1249182
Vendor advisory: secalert@redhat.com — https://access.redhat.com/errata/RHSA-2018:2840
Mitigation details
Description Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ Red Hat statement This flaw affects only the Red Hat AMQ Product, and does not impact Apache ActiveMQ. Errata / fixed releases ProductPackageAdvisoryReleased Red Hat AMQRHSA-2020:41542020-10-01T00:00:00Z Red Hat AMQRHSA-2020:53652020-12-08T00:00:00Z Red Hat JBoss A-MQ 6.3RHSA-2018:28402018-10-01T00:00:00Z Red…
Description
Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ
Red Hat statement
This flaw affects only the Red Hat AMQ Product, and does not impact Apache ActiveMQ.
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat AMQ | | RHSA-2020:4154 | 2020-10-01T00:00:00Z |
| Red Hat AMQ | | RHSA-2020:5365 | 2020-12-08T00:00:00Z |
| Red Hat JBoss A-MQ 6.3 | | RHSA-2018:2840 | 2018-10-01T00:00:00Z |
| Red Hat JBoss Fuse 6.3 | | RHSA-2018:2840 | 2018-10-01T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat AMQ Broker 7 | Hawtio | Affected |
Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat AMQ Broker 7 | Affected |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| redhat | amq | {"endExcluding":"6.3"} | 6.3 |
| redhat | jboss_a-mq | 7 | |
| redhat | jboss_enterprise_web_server | 1.0.0 | |
References
- http://www.securitytracker.com/id/1041750
- https://access.redhat.com/errata/RHSA-2018:2840
- https://bugzilla.redhat.com/show_bug.cgi?id=1249182
- https://lists.apache.org/thread.html/9e3391878c6840b294155f7ba6ccb47586e317f85c1bbd15c4608bd0%40%3Cdev.activemq.apache.org%3E
- https://lists.apache.org/thread.html/r51c60b28154fe7b634e5f5b7a7fc7f6f060487b39a7b5e95e2c32047%40%3Cdev.activemq.apache.org%3E
- https://lists.apache.org/thread.html/r63480b481eb5922465da102d97d0906d8823687f99ef3255ebc32be8%40%3Cdev.activemq.apache.org%3E
- https://lists.apache.org/thread.html/rb280e767ab199767e07a367f287ba08a9692fa76e2da4a20d50d07c4%40%3Cdev.activemq.apache.org%3E
- http://www.securitytracker.com/id/1041750
- https://access.redhat.com/errata/RHSA-2018:2840
- https://bugzilla.redhat.com/show_bug.cgi?id=1249182
- https://lists.apache.org/thread.html/9e3391878c6840b294155f7ba6ccb47586e317f85c1bbd15c4608bd0%40%3Cdev.activemq.apache.org%3E
- https://lists.apache.org/thread.html/r51c60b28154fe7b634e5f5b7a7fc7f6f060487b39a7b5e95e2c32047%40%3Cdev.activemq.apache.org%3E
- https://lists.apache.org/thread.html/r63480b481eb5922465da102d97d0906d8823687f99ef3255ebc32be8%40%3Cdev.activemq.apache.org%3E
- https://lists.apache.org/thread.html/rb280e767ab199767e07a367f287ba08a9692fa76e2da4a20d50d07c4%40%3Cdev.activemq.apache.org%3E
Verify integrity in audit chain (admin only). AS-IS.