46 matches found
CVE-2017-14053
NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...
PT-2015-6081 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.8.1 Description: The issue makes it easier for remote attackers to capture the session id cookie by intercepting its transmission within an http session, as the secure flag is not set for this cookie in an https...
foreman: the _session_id cookie is issued without the Secure flag
It was found that Foreman did not set the HttpOnly flag on session cookies. This could allow a malicious script to access the session cookie...
foreman: the _session_id cookie is issued without the Secure flag
It was found that Foreman did not set the HttpOnly flag on session cookies. This could allow a malicious script to access the session cookie...
novnc: session hijack through insecurely set session token cookies
It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack...
tomcat5 SSO cookie login information disclosure
The SingleSignOn Valve org.apache.catalina.authenticator.SingleSignOn in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...