Lucene search

PRIOn knowledge basePRION:CVE-2009-3566

HistoryNov 13, 2009 - 3:30 p.m.

Cross site scripting

2009-11-1315:30:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.1%

JSON

McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability.

CPENameOperatorVersion
intrushield_network_security_managereq5.1.7.7
intrushield_network_security_managerle5.1.7.74
intrushield_network_security_managereq5.1.7.73

Name	Operator	Version
intrushield_network_security_manager	eq	5.1.7.7
intrushield_network_security_manager	le	5.1.7.74
intrushield_network_security_manager	eq	5.1.7.73

References

secunia.com/advisories/37178

securitytracker.com/id?1023172

www.osvdb.org/59912

www.securityfocus.com/archive/1/507822/100/0/threaded

www.securityfocus.com/bid/37004

www.vupen.com/english/advisories/2009/3226

exchange.xforce.ibmcloud.com/vulnerabilities/54251

kc.mcafee.com/corporate/index?page=content&id=SB10005

www.secureworks.com/ctu/advisories/SWRX-2009-002

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.1%

JSON

Related for PRION:CVE-2009-3566