CVE-2014-6164: Infoleak
First published: Thu Dec 18 2014(Updated: )
IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4 allows remote attackers to spoof OpenID and OpenID Connect cookies, and consequently obtain sensitive information, via a crafted URL.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.4 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.6 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.8 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.9 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.5.0.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.5.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.5.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.5.5.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.5.5.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.5.5.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.5.5.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-6164?
CVE-2014-6164 has a moderate severity rating due to its potential to allow attackers to spoof sensitive cookies.
How do I fix CVE-2014-6164?
To fix CVE-2014-6164, upgrade your IBM WebSphere Application Server to version 8.0.0.10 or later for 8.0.x and to version 8.5.5.4 or later for 8.5.x.
Which versions of IBM WebSphere Application Server are affected by CVE-2014-6164?
CVE-2014-6164 affects IBM WebSphere Application Server versions 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4.
What type of vulnerability is CVE-2014-6164?
CVE-2014-6164 is a cookie spoofing vulnerability that can lead to unauthorized access to sensitive information.
Are there any workarounds for CVE-2014-6164?
There are no known effective workarounds for CVE-2014-6164, so applying the necessary updates is recommended.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/references
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm websphere application server feature pack for web services
- version/ibm websphere application server feature pack for web services/8.0.0.0
- version/ibm websphere application server feature pack for web services/8.0.0.1
- version/ibm websphere application server feature pack for web services/8.0.0.2
- version/ibm websphere application server feature pack for web services/8.0.0.3
- version/ibm websphere application server feature pack for web services/8.0.0.4
- version/ibm websphere application server feature pack for web services/8.0.0.5
- version/ibm websphere application server feature pack for web services/8.0.0.6
- version/ibm websphere application server feature pack for web services/8.0.0.7
- version/ibm websphere application server feature pack for web services/8.0.0.8
- version/ibm websphere application server feature pack for web services/8.0.0.9
- version/ibm websphere application server feature pack for web services/8.5.0.0
- version/ibm websphere application server feature pack for web services/8.5.0.1
- version/ibm websphere application server feature pack for web services/8.5.0.2
- version/ibm websphere application server feature pack for web services/8.5.5.0
- version/ibm websphere application server feature pack for web services/8.5.5.1
- version/ibm websphere application server feature pack for web services/8.5.5.2
- version/ibm websphere application server feature pack for web services/8.5.5.3