Lucene search

RedhatCVELIST:CVE-2014-9634

HistorySep 12, 2017 - 2:00 p.m.

CVE-2014-9634

2017-09-1214:00:00

redhat

www.cve.org

5.1 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.2%

JSON

Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session.

References

www.openwall.com/lists/oss-security/2015/01/22/3

www.securityfocus.com/bid/72054

bugs.debian.org/cgi-bin/bugreport.cgi?bug=769682

bugzilla.redhat.com/show_bug.cgi?id=1185148

github.com/jenkinsci/jenkins/commit/582128b9ac179a788d43c1478be8a5224dc19710

issues.jenkins-ci.org/browse/JENKINS-25019

jenkins.io/changelog-old/