Lucene search
PRIOn knowledge basePRION:CVE-2014-9635HistorySep 12, 2017 - 2:29 p.m.
Design/Logic Flaw
2017-09-1214:29:00
PRIOn knowledge base
www.prio-n.com
2
Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies.
References
www.openwall.com/lists/oss-security/2015/01/22/3
www.securityfocus.com/bid/72054
bugs.debian.org/cgi-bin/bugreport.cgi?bug=769682
bugzilla.redhat.com/show_bug.cgi?id=1185151
github.com/jenkinsci/jenkins/commit/582128b9ac179a788d43c1478be8a5224dc19710
issues.jenkins-ci.org/browse/JENKINS-25019
jenkins.io/changelog-old/
Related
nvd
nvd
CVE-2014-9635
2017-09-12 14:29:00
cve
cve
CVE-2014-9635
2017-09-12 14:29:00
github
github
Jenkins HttpOnly flag not Set for session cookies
2022-05-17 00:50:19
osv
osv
Jenkins HttpOnly flag not Set for session cookies
2022-05-17 00:50:19
cvelist
cvelist
CVE-2014-9635
2017-09-12 14:00:00
ubuntucve
ubuntucve
CVE-2014-9635
2017-09-12 00:00:00
nessus
nessus
Jenkins < 1.565.3 / 1.586 Multiple Vulnerabilities
2015-06-03 00:00:00
openvas
openvas
Jenkins < 1.586 Multiple Vulnerabilities - Windows
2022-09-01 00:00:00
Jenkins < 1.586 Multiple Vulnerabilities - Linux
2022-09-01 00:00:00