Lucene search
RedHatRHSA-2015:0884HistoryApr 23, 2015 - 12:00 a.m.
(RHSA-2015:0884) Moderate: novnc security update
2015-04-2300:00:00
access.redhat.com
12
0.004 Low
EPSS
Percentile
74.7%
The novnc package provides a VNC client that uses HTML5 (Web Sockets,
Canvas) and includes encryption support.
It was discovered that noVNC did not properly set the ‘secure’ flag when
issuing cookies. An attacker could use this flaw to intercept cookies via a
man-in-the-middle attack. (CVE-2013-7436)
All novnc users are advised to upgrade to this updated package, which
corrects this issue.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 6 | src | novnc | < 0.5.1-2.el6ost | novnc-0.5.1-2.el6ost.src.rpm |
| RedHat | 6 | noarch | novnc | < 0.5.1-2.el6ost | novnc-0.5.1-2.el6ost.noarch.rpm |
Related
redhat
redhat
(RHSA-2015:0788) Moderate: novnc security update
2015-04-07 00:00:00
(RHSA-2015:0833) Moderate: novnc security update
2015-04-16 13:12:19
(RHSA-2015:0834) Moderate: novnc security update
2015-04-16 00:00:00
ubuntucve
ubuntucve
CVE-2013-7436
2015-04-10 00:00:00
debiancve
debiancve
CVE-2013-7436
2015-04-10 14:59:00
cve
cve
CVE-2013-7436
2015-04-10 14:59:00
veracode
veracode
Insecure Cookies
2019-01-15 09:05:23
Insecure Cookies
2018-07-18 08:48:48
mageia
mageia
Updated novnc packages fix CVE-2013-7436
2015-04-04 13:45:56
prion
prion
Session fixation
2015-04-10 14:59:00
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0133)
2022-01-28 00:00:00
nessus
nessus
RHEL 6 : novnc (RHSA-2015:0884)
2024-04-27 00:00:00
cvelist
cvelist
CVE-2013-7436
2015-04-10 14:00:00
nvd
nvd
CVE-2013-7436
2015-04-10 14:59:00