882 matches found
CVE-2014-9250
CVE-2014-9250 affects Zenoss Core through 5 Beta 3, where the authentication cookie is sent without the HttpOnly flag in Set-Cookie. This exposes credential information to client-side script access, increasing risk of credential exposure. The document notes mitigation by enabling SSL/HTTPS to bet...
CVE-2014-8775
MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
Design/Logic Flaw
MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2014-8775
MODX Revolution 2.x before 2.2.15 is vulnerable due to the session cookie not setting the HTTPOnly flag, allowing remote attackers to access potentially sensitive information via script access. Exploitation details are not provided in the available documents. No explicit remediation/version fix i...
Block.io: Various Low level Vulnerabilities
1.XSS protection Not Enabled: Example URL: https://block.io/js/secure/secrets.js?mtime=1412493238 Web Browser XSS Protection is not enabled, or is disabled by the configuration of the 'X-XSS-Protection' HTTP response header on the web server The X-XSS-Protection HTTP response header allows the we...
Design/Logic Flaw
McAfee Network Data Loss Prevention NDLP before 9.3 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2014-8525
McAfee Network Data Loss Prevention NDLP before 9.3 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2014-8525
CVE-2014-8525 affects McAfee Network Data Loss Prevention (NDLP) prior to 9.3, where the session cookie Set-Cookie header omits the HttpOnly flag. This allows script access to the cookie, potentially exposing sensitive information. The provided sources describe the issue but do not specify affect...
CVE-2014-4830
IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
Code injection
IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2014-4830
IBM QRadar, QRM, and QVM are affected by CVE-2014-4830 due to failure to set the HTTPOnly flag on the session cookie in web interfaces. This allows script access to the cookie, potentially exposing sensitive information. Affected versions include IBM QRadar/QRM/QVM 7.2 MR2 and QRadar/QRM 7.1 MR1,...
F5 Networks BIG-IP : Apache vulnerability (SOL15273)
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in...
CVE-2014-3852
Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
Design/Logic Flaw
Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2014-3852
CVE-2014-3852 affects Pyplate 0.08: the id cookie Set-Cookie header is not marked HTTPOnly, enabling potential script access to the cookie and exposure of sensitive information. The NVD reports a medium base score (5.0) with network attack vector and partial confidentiality impact. No remediation...
Design/Logic Flaw
Cumin aka MRG Management Console, as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2014-0174
Cumin aka MRG Management Console, as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
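Nearly every entry in this listing is the same weakness: a session or authentication cookie issued in a Set-Cookie header without the HttpOnly attribute, so any script running in the page (for instance via an XSS bug) can read it through document.cookie. The Block.io item adds the related X-XSS-Protection header finding. The following is an added example, not code from any of the vendors, advisories or scanners on this page: a response-header audit that parses Set-Cookie values per RFC 6265 and reports cookies missing HttpOnly (plus Secure and SameSite, which a scanner checks in the same pass), and reports the X-XSS-Protection / Content-Security-Policy state. The header samples are constructed for illustration, not captured from any affected product; the cookie name PHPSESSID is an assumption.

```python
"""Audit HTTP response headers for the cookie-flag weaknesses in the listing.

Added example, not code from any vendor, advisory or scanner on this page.
Set-Cookie parsing follows RFC 6265 section 5.2; the sample headers are
constructed, not captured from the affected products.
"""
from __future__ import annotations

from dataclasses import dataclass, field

Headers = list[tuple[str, str]]  # (name, value) pairs; repeated Set-Cookie allowed


@dataclass
class Cookie:
    name: str
    value: str
    # attribute names lower-cased; value is None for flag attributes such as HttpOnly
    attrs: dict[str, str | None] = field(default_factory=dict)


def parse_set_cookie(header_value: str) -> Cookie:
    """Split one Set-Cookie value into the cookie-pair and its ';'-separated attributes."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")  # first '=' only: cookie values may contain '='
    attrs: dict[str, str | None] = {}
    for attr in parts[1:]:
        if not attr:
            continue
        key, has_value, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_value else None
    return Cookie(name.strip(), value.strip(), attrs)


def audit_cookies(headers: Headers, https: bool = True) -> list[tuple[str, str]]:
    """Return (cookie name, missing attribute) for every cookie lacking a protective flag.

    Missing HttpOnly is exactly the condition in the CVE entries above: the cookie
    is readable through document.cookie by any script in the page, so an XSS bug
    becomes session theft. Secure is only meaningful when the site is served over
    HTTPS, hence the flag; SameSite is reported in the same pass.
    """
    findings: list[tuple[str, str]] = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        c = parse_set_cookie(value)
        if "httponly" not in c.attrs:
            findings.append((c.name, "HttpOnly"))
        if https and "secure" not in c.attrs:
            findings.append((c.name, "Secure"))
        if "samesite" not in c.attrs:
            findings.append((c.name, "SameSite"))
    return findings


def audit_xss_headers(headers: Headers) -> list[str]:
    """Report the X-XSS-Protection finding from the Block.io item, plus the modern control.

    X-XSS-Protection steered the browsers' legacy reflected-XSS filter; current
    browsers ignore it, so a missing Content-Security-Policy is the finding that
    still matters. Both are reported so the output matches a 2014-era scanner.
    """
    lower = {n.lower(): v for n, v in headers}
    findings: list[str] = []
    xp = lower.get("x-xss-protection")
    if xp is None or xp.strip().startswith("0"):
        findings.append("X-XSS-Protection absent or disabled")
    if "content-security-policy" not in lower:
        findings.append("no Content-Security-Policy")
    return findings


# Constructed responses (assumed cookie name). The first mirrors the pattern in
# the listing: a session cookie with a path but no HttpOnly. The second is the
# corrected form a fixed release would emit.
VULNERABLE_HEADERS: Headers = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "PHPSESSID=c1a2b3d4e5; path=/"),
]
HARDENED_HEADERS: Headers = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "PHPSESSID=c1a2b3d4e5; Path=/; HttpOnly; Secure; SameSite=Lax"),
    ("X-XSS-Protection", "1; mode=block"),
    ("Content-Security-Policy", "default-src 'self'"),
]

if __name__ == "__main__":
    for label, hdrs in (("vulnerable", VULNERABLE_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(label, audit_cookies(hdrs), audit_xss_headers(hdrs))
```

Run it against captured headers (for example the output of `curl -sI`) by building the `(name, value)` list from the response. Note what HttpOnly does and does not buy: it stops script reads of document.cookie, but it is enforced by the browser only. A server that echoes request headers back, as in the Apache 400 error-document issue listed above under SOL15273, hands the cookie value to script anyway, so a clean audit here does not by itself rule out cookie theft.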