CVE-2014-0154

2015-02-13T10:59:03
ID CVE-2014-0154
Type cve
Reporter NVD
Modified 2015-02-13T18:19:19

Description

oVirt Engine before 3.5.0 does not include the HTTPOnly flag in a Set-Cookie header for the session IDs, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.