VIR Vulnerability Intelligence Relay

CVE-2015-5183

high
Published 2017-09-25 Β· Modified 2026-05-13
πŸ’¬ Discuss on Community ✚ Propose mitigation
CVSS v3
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4 NEW
β€”
not yet in upstream
VIR risk
7.5

Description

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ.

Predictions

Exploit likelihood
83%
Patch ETA
β€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata β€” Red Hat Inc. Β· View original β†— Β· Open-Errata-API

Description Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ Red Hat statement This flaw affects only the Red Hat AMQ Product, and does not impact Apache ActiveMQ. Errata / fixed releases ProductPackageAdvisoryReleased Red Hat AMQRHSA-2020:41542020-10-01T00:00:00Z Red Hat AMQRHSA-2020:53652020-12-08T00:00:00Z Red Hat JBoss A-MQ 6.3RHSA-2018:28402018-10-01T00:00:00Z Red…

Description

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ

Red Hat statement

This flaw affects only the Red Hat AMQ Product, and does not impact Apache ActiveMQ.

Errata / fixed releases

ProductPackageAdvisoryReleased
Red Hat AMQRHSA-2020:41542020-10-01T00:00:00Z
Red Hat AMQRHSA-2020:53652020-12-08T00:00:00Z
Red Hat JBoss A-MQ 6.3RHSA-2018:28402018-10-01T00:00:00Z
Red Hat JBoss Fuse 6.3RHSA-2018:28402018-10-01T00:00:00Z

Package state

ProductPackageState
Red Hat AMQ Broker 7HawtioAffected

Affected

VendorProductVersion
redhatRed Hat AMQ Broker 7Affected

Application impact
VendorProductVersionsFixed
redhat redhatamq{"endExcluding":"6.3"}6.3
redhat redhatjboss_a-mq7
redhat redhatjboss_enterprise_web_server1.0.0

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.