Lucene search
+L

393 matches found

Prion
Prion
added 2017/06/08 9:29 p.m.19 views

Code injection

IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session SSL cookie. IBM X-Force ID: 125731...

5CVSS7.1AI score0.01009EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/10/10 12:0 a.m.180 views

F5 Networks BIG-IP : HTTP cookie vulnerability (SOL15406)

The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server. CVE-2004-0462 C Tenable Network Security, Inc. The...

2.1CVSS5.4AI score0.00433EPSS
Exploits0References2
Atlassian
Atlassian
added 2013/10/21 3:42 a.m.17 views

The xsrf cookie token is not a 'secure' cookie for secure('https') requests

To prevent against man in the middle attacks the xsrf cookie token should have the 'secure' attribute set...

2.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/21 3:42 a.m.24 views

The xsrf cookie token is not a 'secure' cookie for secure('https') requests

To prevent against man in the middle attacks the xsrf cookie token should have the 'secure' attribute set...

2.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/07/27 7:41 a.m.18 views

The csrf token cookie should be a 'secure' cookie like the sessionid cookie

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-46613. panel That is that csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/07/27 7:41 a.m.17 views

The csrf token cookie should be a 'secure' cookie like the sessionid cookie

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46613. panel That is that csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1....

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/07/27 7:41 a.m.18 views

The csrf token cookie should be a 'secure' cookie like the sessionid cookie

That is that csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1.4 setting CSRFCOOKIESECURE to True in settings.py will fix this problem...

2.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/07/27 7:41 a.m.20 views

The csrf token cookie should be a 'secure' cookie like the sessionid cookie

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46613. panel That is that csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1....

1.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2010/06/11 12:0 a.m.39 views

Apache Tomcat 6.x < 6.0.9 Information Disclosure

According to its self-reported version number, the instance of Apache Tomcat 6.x listening on the remote host is prior to 6.0.9. It is, therefore, affected by an information disclosure vulnerability. If the remote Apache Tomcat install is configured to use the SingleSignOn Valve, the JSESSIONIDSS...

5CVSS5.3AI score0.19622EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2008/06/05 12:0 a.m.4 views

PT-2008-4013 · Cre Loaded · Cre Loaded

Name of the Vulnerable Software and Affected Versions: CRE Loaded versions 6.2.13.1 and earlier Description: The issue is related to the handling of cookies over HTTPS. Specifically, the software does not set the "Secure" attribute for cookies sent over HTTPS, which could allow remote attackers t...

5CVSS6.6AI score0.01064EPSS
Exploits0References3
Apache Tomcat
Apache Tomcat
added 2007/02/08 12:0 a.m.64 views

Fixed in Apache Tomcat 6.0.9

Moderate: Session hi-jacking CVE-2008-0128 When using the SingleSignOn Valve via https the Cookie JSESSIONIDSSO is transmitted without the "secure" attribute, resulting in it being transmitted to any content that is - by purpose or error - requested via http from the same server. Affects:...

5CVSS7.7AI score0.19622EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2005/05/10 4:0 a.m.26 views

CVE-2004-0462

The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server...

6.4AI score0.00433EPSS
Exploits0References2
NVD
NVD
added 2004/12/31 5:0 a.m.20 views

CVE-2004-0462

The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server...

2.1CVSS6.4AI score0.00433EPSS
Exploits0References2
Rows per page
Query Builder