880 matches found
CVE-2021-40649
In Connx Version 6.2.0.1269 20210623, a cookie can be issued by the application and not have the HttpOnly flag set...
CVE-2021-40649
In Connx 6.2.0.1269 (20210623), the application can issue a cookie that is not marked HttpOnly. This creates a potential exposure where the cookie could be accessed by client-side scripts, aligning with a CVSS base of 6.4 (NVD) / 6.5 (CVSS3.1) and a MEDIUM severity: network attack vector, low att...
Software AG Connx Security Vulnerability
Software AG Connx is a data integration solution from Software AG, Germany. A security vulnerability exists in Software AG Connx version 6.2.0.1269 20210623 that stems from a cookie that can be issued by the application and does not have the HttpOnly flag set...
GHSA-47WC-P5CP-W7PW Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly...
Centreon Does Not Set HTTPOnly Flag
In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set...
GHSA-7F6W-FHMR-J8HQ Jenkins HttpOnly flag not Set for session cookies
Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies...
GHSA-PVJH-7H8Q-Q56R Apache Tomcat has cookies without HTTPOnly flag in Set-Cookie header
The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie...
Apache Tomcat has cookies without HTTPOnly flag in Set-Cookie header
The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie...
CVE-2022-25172
An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack, to steal the sessi...
Information disclosure
An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack, to steal the sessi...
PT-2022-17111 · Inhand Networks · Inrouter302
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter302 version 3.5.4 Description: An information disclosure issue exists in the web interface session cookie functionality. The session cookie lacks the HttpOnly flag, making it accessible via JavaScript. This allows an...
InHand Networks InRouter302 Cross-Site Scripting Vulnerability
InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. An information disclosure vulnerability exists in InHand Networks InRouter302 V3.5.4, which stems from the lack of the HttpOnly flag in the session cookie, which could be exploited by an attacker to The vulnerabilit...
CVE-2022-1655
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and...
InHand Networks InRouter302 web interface session cookie information disclosure vulnerability
Summary: An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack, to steal t...
CVE-2021-27764
CVE-2021-27764 affects HCL BigFix Platform WebUI where a NUMBER cookie is set without Secure or HTTPOnly flags. The available connected documents confirm the issue is a missing HTTPOnly flag in cookies used by WebUI, leading to potential cookie exposure. No exploitation details or affected versio...
CVE-2021-27764 HCL BigFix WebUI Cookie missing attributes
Cookie without HTTPONLY flag set. NUMBER cookies was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. WebUI...