Lucene search
K

46 matches found

OSV
OSV
added 2017/09/01 9:29 p.m.3 views

CVE-2017-14053

NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...

7.5CVSS5.8AI score0.01845EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2015/08/14 12:0 a.m.4 views

PT-2015-6081 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.8.1 Description: The issue makes it easier for remote attackers to capture the session id cookie by intercepting its transmission within an http session, as the secure flag is not set for this cookie in an https...

5CVSS6.2AI score0.02222EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2015/08/12 5:4 a.m.3 views

foreman: the _session_id cookie is issued without the Secure flag

It was found that Foreman did not set the HttpOnly flag on session cookies. This could allow a malicious script to access the session cookie...

5CVSS5.7AI score0.02222EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/08/12 4:49 a.m.7 views

foreman: the _session_id cookie is issued without the Secure flag

It was found that Foreman did not set the HttpOnly flag on session cookies. This could allow a malicious script to access the session cookie...

5CVSS5.7AI score0.02222EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/04/23 1:4 p.m.3 views

novnc: session hijack through insecurely set session token cookies

It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack...

4.3CVSS5.8AI score0.02183EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2008/05/20 2:12 p.m.7 views

tomcat5 SSO cookie login information disclosure

The SingleSignOn Valve org.apache.catalina.authenticator.SingleSignOn in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...

5CVSS5.8AI score0.19622EPSS
Exploits0References4
Rows per page
Query Builder