CVE-2016-0372: Infoleak

First published: Thu Nov 24 2016(Updated: )

IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Credit: psirt@us.ibm.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/weakness
• agent/author
• agent/severity
• agent/references
• agent/type
• agent/event
• agent/description
• agent/softwarecombine
• agent/first-publish-date
• agent/last-modified-date
• agent/tags
• collector/mitre-cve
• source/MITRE
• vendor/ibm
• canonical/ibm rational team concert
• version/ibm rational team concert/3.0.1.6
• version/ibm rational team concert/4.0.0
• version/ibm rational team concert/4.0.1
• version/ibm rational team concert/4.0.2
• version/ibm rational team concert/4.0.3
• version/ibm rational team concert/4.0.4
• version/ibm rational team concert/4.0.5
• version/ibm rational team concert/4.0.6
• version/ibm rational team concert/4.0.7
• version/ibm rational team concert/5.0.0
• version/ibm rational team concert/5.0.1
• version/ibm rational team concert/5.0.2
• version/ibm rational team concert/6.0.0
• version/ibm rational team concert/6.0.1
• version/ibm rational team concert/6.0.2
• canonical/ibm rational quality manager
• version/ibm rational quality manager/3.0.1.6
• version/ibm rational quality manager/4.0.0
• version/ibm rational quality manager/4.0.1
• version/ibm rational quality manager/4.0.2
• version/ibm rational quality manager/4.0.3
• version/ibm rational quality manager/4.0.4
• version/ibm rational quality manager/4.0.5
• version/ibm rational quality manager/4.0.6
• version/ibm rational quality manager/4.0.7
• version/ibm rational quality manager/5.0.0
• version/ibm rational quality manager/5.0.1
• version/ibm rational quality manager/5.0.2
• version/ibm rational quality manager/6.0.0
• version/ibm rational quality manager/6.0.1
• version/ibm rational quality manager/6.0.2
• canonical/ibm rational software architect design manager
• version/ibm rational software architect design manager/4.0.0
• version/ibm rational software architect design manager/4.0.1
• version/ibm rational software architect design manager/4.0.2
• version/ibm rational software architect design manager/4.0.3
• version/ibm rational software architect design manager/4.0.4
• version/ibm rational software architect design manager/4.0.5
• version/ibm rational software architect design manager/4.0.6
• version/ibm rational software architect design manager/4.0.7
• version/ibm rational software architect design manager/5.0.0
• version/ibm rational software architect design manager/5.0.1
• version/ibm rational software architect design manager/5.0.2
• version/ibm rational software architect design manager/6.0.0
• version/ibm rational software architect design manager/6.0.1
• version/ibm rational software architect design manager/6.0.2
• canonical/ibm rational collaborative lifecycle management
• version/ibm rational collaborative lifecycle management/3.0.1.6
• version/ibm rational collaborative lifecycle management/4.0.0
• version/ibm rational collaborative lifecycle management/4.0.1
• version/ibm rational collaborative lifecycle management/4.0.2
• version/ibm rational collaborative lifecycle management/4.0.3
• version/ibm rational collaborative lifecycle management/4.0.4
• version/ibm rational collaborative lifecycle management/4.0.5
• version/ibm rational collaborative lifecycle management/4.0.6
• version/ibm rational collaborative lifecycle management/4.0.7
• version/ibm rational collaborative lifecycle management/5.0.0
• version/ibm rational collaborative lifecycle management/5.0.1
• version/ibm rational collaborative lifecycle management/5.0.2
• version/ibm rational collaborative lifecycle management/6.0.0
• version/ibm rational collaborative lifecycle management/6.0.1
• version/ibm rational collaborative lifecycle management/6.0.2
• canonical/ibm rational engineering lifecycle manager
• version/ibm rational engineering lifecycle manager/4.0.0
• version/ibm rational engineering lifecycle manager/4.0.1
• version/ibm rational engineering lifecycle manager/4.0.2
• version/ibm rational engineering lifecycle manager/4.0.3
• version/ibm rational engineering lifecycle manager/4.0.4
• version/ibm rational engineering lifecycle manager/4.0.5
• version/ibm rational engineering lifecycle manager/4.0.6
• version/ibm rational engineering lifecycle manager/4.0.7
• version/ibm rational engineering lifecycle manager/5.0.0
• version/ibm rational engineering lifecycle manager/5.0.1
• version/ibm rational engineering lifecycle manager/5.0.2
• version/ibm rational engineering lifecycle manager/6.0.0
• version/ibm rational engineering lifecycle manager/6.0.1
• version/ibm rational engineering lifecycle manager/6.0.2
• canonical/ibm rational rhapsody design manager
• version/ibm rational rhapsody design manager/4.0
• version/ibm rational rhapsody design manager/4.0.1
• version/ibm rational rhapsody design manager/4.0.2
• version/ibm rational rhapsody design manager/4.0.3
• version/ibm rational rhapsody design manager/4.0.4
• version/ibm rational rhapsody design manager/4.0.5
• version/ibm rational rhapsody design manager/4.0.6
• version/ibm rational rhapsody design manager/4.0.7
• version/ibm rational rhapsody design manager/5.0.0
• version/ibm rational rhapsody design manager/5.0.1
• version/ibm rational rhapsody design manager/5.0.2
• version/ibm rational rhapsody design manager/6.0.0
• version/ibm rational rhapsody design manager/6.0.1
• version/ibm rational rhapsody design manager/6.0.2
• canonical/ibm rational doors next generation
• version/ibm rational doors next generation/4.0.0
• version/ibm rational doors next generation/4.0.1
• version/ibm rational doors next generation/4.0.2
• version/ibm rational doors next generation/4.0.3
• version/ibm rational doors next generation/4.0.4
• version/ibm rational doors next generation/4.0.5
• version/ibm rational doors next generation/4.0.6
• version/ibm rational doors next generation/4.0.7
• version/ibm rational doors next generation/5.0.0
• version/ibm rational doors next generation/5.0.1
• version/ibm rational doors next generation/5.0.2
• version/ibm rational doors next generation/6.0.0
• version/ibm rational doors next generation/6.0.1
• version/ibm rational doors next generation/6.0.2