Design/Logic Flaw
Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies...
CVE-2016-5409
Red Hat OpenShift Enterprise 2 is affected: the GEARID cookie’s Set-Cookie header does not set the HttpOnly flag, which could allow remote attackers to access potentially sensitive information via script. Root cause: missing HttpOnly on the GEARID cookie. Impact: disclosed information with partia...
QNAP QTS < 4.2.4 Build 20170313 Multiple Vulnerabilities - Active Check
QNAP QTS web user interface is prone to multiple vulnerabilities SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts";...
Leakage Of Session Tokens
fh-wfm-user is vulnerable to leakage of session tokens. The vulnerability exists as the session tokens are stored in the client's LocalStorage instead of being stored in a cookie with the secure and HttpOnly flags...
HTTP TRACE Allowed
The HTTP TRACE method allows a client to send a request to the server, and have the same request sent back in the server's response. This allows the client to determine if the server is receiving the request as expected. Often this method is used for debugging purposes e.g. to verify that a reque...
Cookie Without HttpOnly Flag Detected
The HttpOnly flag assists in preventing client-side scripts such as JavaScript from accessing and using the cookie. This can help prevent XSS attacks from targeting the cookies holding the client's session token. Setting the HttpOnly flag does not prevent, nor safeguard against, XSS...
Google’s lessons in security: bring together security engineering and incident response
Last week, during the Google Next conference, we heard an interesting talk in which a Google security PM, Andy Chang, explained what Google has learned from preventing, detecting and responding to cyber attacks over the years. Not surprisingly, Google is paying a lot of attention to securing the...
JBoss bpms 6.3.x cookie does not set httponly
It was discovered that JBoss BRMS 6 and BPM Suite 6 are not setting HttpOnly flags on sensitive cookies. Remote attackers can access these cookies by using client-side scripts, usually through XSS...
Mattermost 3.5.0 / 3.5.1 Cross Site Scripting
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Mattermost Vendor URL: www.mattermost.org Type: Cross-site Scripting CWE-79 Date found: 02/12/2016 Date published: 16/01/2017 CVSSv3 Score: 4.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N...
Stored Cross-Site Scripting Vulnerability in SS-Panel
SS-Panel is a front-end program that works with Shadowsocks-Manyuser. A stored cross-site scripting vulnerability exists in SS-Panel version 3.3.9. Since HttpOnly is not enabled by default, an attacker can exploit the vulnerability to obtain an administrator cookie and use the cookie to log in to...
ALPINE-CVE-2016-9848
An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...
CVE-2016-9848
An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...
DEBIAN-CVE-2016-9848
An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...
Design/Logic Flaw
An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...
UBUNTU-CVE-2016-9848
An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...