2 matches found
CVE-2018-16958
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NETSessionID primary session cookie, when Internet Information Services IIS with ASP.NET is used, is not protected with the HttpOnly attribute. The attribute cannot be enabled by customers. Consequently, this cookie is...
CVE-2018-16958
Oracle WebCenter Interaction Portal 10.3.3 is affected. ASP.NET_SessionID cookie used with IIS/ASP.NET is not protected by HttpOnly, and customers cannot enable the attribute. This exposes the cookie to session hijacking if JavaScript runs in the portal origin. No explicit fix/mitigation is provi...