393 matches found
Code injection
IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session SSL cookie. IBM X-Force ID: 125731...
F5 Networks BIG-IP : HTTP cookie vulnerability (SOL15406)
The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server. CVE-2004-0462 C Tenable Network Security, Inc. The...
The xsrf cookie token is not a 'secure' cookie for secure('https') requests
To prevent against man in the middle attacks the xsrf cookie token should have the 'secure' attribute set...
The xsrf cookie token is not a 'secure' cookie for secure('https') requests
To prevent against man in the middle attacks the xsrf cookie token should have the 'secure' attribute set...
The csrf token cookie should be a 'secure' cookie like the sessionid cookie
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-46613. panel That is that csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1...
The csrf token cookie should be a 'secure' cookie like the sessionid cookie
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46613. panel That is that csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1....
The csrf token cookie should be a 'secure' cookie like the sessionid cookie
That is that csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1.4 setting CSRFCOOKIESECURE to True in settings.py will fix this problem...
The csrf token cookie should be a 'secure' cookie like the sessionid cookie
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46613. panel That is that csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1....
Apache Tomcat 6.x < 6.0.9 Information Disclosure
According to its self-reported version number, the instance of Apache Tomcat 6.x listening on the remote host is prior to 6.0.9. It is, therefore, affected by an information disclosure vulnerability. If the remote Apache Tomcat install is configured to use the SingleSignOn Valve, the JSESSIONIDSS...
PT-2008-4013 · Cre Loaded · Cre Loaded
Name of the Vulnerable Software and Affected Versions: CRE Loaded versions 6.2.13.1 and earlier Description: The issue is related to the handling of cookies over HTTPS. Specifically, the software does not set the "Secure" attribute for cookies sent over HTTPS, which could allow remote attackers t...
Fixed in Apache Tomcat 6.0.9
Moderate: Session hi-jacking CVE-2008-0128 When using the SingleSignOn Valve via https the Cookie JSESSIONIDSSO is transmitted without the "secure" attribute, resulting in it being transmitted to any content that is - by purpose or error - requested via http from the same server. Affects:...
CVE-2004-0462
The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server...
CVE-2004-0462
The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server...