{"api_version":"1","generated_at":"2026-05-05T03:57:50+00:00","cve":"CVE-2014-0909","urls":{"html":"https://cve.report/CVE-2014-0909","api":"https://cve.report/api/cve/CVE-2014-0909.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-0909","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-0909"},"summary":{"title":"CVE-2014-0909","description":"The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2014-09-10 10:55:00","updated_at":"2017-08-29 01:34:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg24038045","name":"http://www-01.ibm.com/support/docview.wss?uid=swg24038045","refsource":"CONFIRM","tags":[],"title":"IBM Rational License Key Server Fix Pack 4 (8.1.4.4) for 8.1.4 - United States","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/69642","name":"69642","refsource":"BID","tags":[],"title":"IBM RLKS Administration and Reporting Tool CVE-2014-0909 Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/91872","name":"ibm-rlksart-cve20140909-cookie(91872)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681449","name":"http://www-01.ibm.com/support/docview.wss?uid=swg21681449","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"Security Bulletin: Rational License Key Server Administration and Reporting Tool vulnerability (CVE-2014-0909, CVE-2014-3079 and CVE-2014-4756)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-0909","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0909","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"909","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"rational_license_key_server","cpe6":"8.1.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"909","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"rational_license_key_server","cpe6":"8.1.4.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"909","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"rational_license_key_server","cpe6":"8.1.4.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"909","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"rational_license_key_server","cpe6":"8.1.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"909","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"rational_license_key_server","cpe6":"8.1.4.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"909","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"rational_license_key_server","cpe6":"8.1.4.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@us.ibm.com","ID":"CVE-2014-0909","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"69642","refsource":"BID","url":"http://www.securityfocus.com/bid/69642"},{"name":"http://www-01.ibm.com/support/docview.wss?uid=swg24038045","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=swg24038045"},{"name":"ibm-rlksart-cve20140909-cookie(91872)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/91872"},{"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21681449","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21681449"}]}},"nvd":{"publishedDate":"2014-09-10 10:55:00","lastModifiedDate":"2017-08-29 01:34:00","problem_types":["CWE-200"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:rational_license_key_server:8.1.4:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:rational_license_key_server:8.1.4.3:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:rational_license_key_server:8.1.4.2:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"909","Ordinal":"67904","Title":"CVE-2014-0909","CVE":"CVE-2014-0909","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"909","Ordinal":"1","NoteData":"The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.","Type":"Description","Title":null},{"CveYear":"2014","CveId":"909","Ordinal":"2","NoteData":"2014-09-10","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"909","Ordinal":"3","NoteData":"2017-08-28","Type":"Other","Title":"Modified"}]}}}