Lucene search

[email protected]CVE-2019-17104

HistoryOct 08, 2019 - 1:15 p.m.

CVE-2019-17104

2019-10-0813:15:15

CWE-565

[email protected]

web.nvd.nist.gov

centreon

cve-2019-17104

apache http server

httponly

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

52.2%

JSON

In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set.

Affected configurations

NVD

Node

centreoncentreon_vmRange≤19.04.3

CPENameOperatorVersion
centreon:centreon_vmcentreon centreon vmle19.04.3

CPE	Name	Operator	Version
centreon:centreon_vm	centreon centreon vm	le	19.04.3

References

www.openwall.com/lists/oss-security/2019/10/09/2

github.com/centreon/centreon/issues/7097

www.openwall.com/lists/oss-security/2019/10/08/1

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

52.2%

JSON

Related for CVE-2019-17104

nvd1 cvelist1 veracode1 osv1 prion1 github1