PRIOn knowledge base: PRION:CVE-2014-9634
History: Sep 12, 2017 - 2:29 p.m.

Session fixation

2017-09-12 14:29:00
PRIOn knowledge base
www.prio-n.com

AI Score: 7 High
Confidence: Low
EPSS: 0.004 Low
Percentile: 74.2%

Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session.

CPE
Name: jenkins
Operator: le
Version: 1.585
