CVE-2014-9250

2014-12-15T18:59:00
ID CVE-2014-9250
Type cve
Reporter cve@mitre.org
Modified 2016-03-21T16:23:00

Description

Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authentication cookie, which makes it easier for remote attackers to obtain credential information via script access to this cookie, aka ZEN-10418.