CVE-2013-0540

IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session.

Published: Apr 24, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-0540
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
ibm / websphere_application_server	8.5.0.0	8.5.0.0.x
ibm / websphere_application_server	8.5.0.1	8.5.0.1.x

http://www-01.ibm.com/support/docview.wss?&uid=swg21632423
http://www-01.ibm.com/support/docview.wss?uid=swg1PM81056
https://exchange.xforce.ibmcloud.com/vulnerabilities/82695

Vulnerability Database

CVE-2013-0540