Lucene search
MitreCVELIST:CVE-2013-7436HistoryApr 10, 2015 - 2:00 p.m.
CVE-2013-7436
2015-04-1014:00:00
mitre
www.cve.org
noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
References
rhn.redhat.com/errata/RHSA-2015-0788.html
rhn.redhat.com/errata/RHSA-2015-0833.html
rhn.redhat.com/errata/RHSA-2015-0834.html
rhn.redhat.com/errata/RHSA-2015-0884.html
www.openwall.com/lists/oss-security/2015/02/17/1
www.openwall.com/lists/oss-security/2015/03/12/13
bugzilla.redhat.com/show_bug.cgi?id=1193451
github.com/kanaka/noVNC/commit/ad941faddead705cd611921730054767a0b32dcd
Related
redhat
redhat
(RHSA-2015:0788) Moderate: novnc security update
2015-04-07 00:00:00
(RHSA-2015:0884) Moderate: novnc security update
2015-04-23 00:00:00
(RHSA-2015:0833) Moderate: novnc security update
2015-04-16 13:12:19
ubuntucve
ubuntucve
CVE-2013-7436
2015-04-10 00:00:00
debiancve
debiancve
CVE-2013-7436
2015-04-10 14:59:00
cve
cve
CVE-2013-7436
2015-04-10 14:59:00
veracode
veracode
Insecure Cookies
2019-01-15 09:05:23
Insecure Cookies
2018-07-18 08:48:48
mageia
mageia
Updated novnc packages fix CVE-2013-7436
2015-04-04 13:45:56
prion
prion
Session fixation
2015-04-10 14:59:00
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0133)
2022-01-28 00:00:00
nessus
nessus
RHEL 6 : novnc (RHSA-2015:0884)
2024-04-27 00:00:00
nvd
nvd
CVE-2013-7436
2015-04-10 14:59:00