Lucene search
+L

687 matches found

Prion
Prion
added 2015/09/18 10:59 a.m.26 views

Code injection

The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response...

5CVSS6.1AI score0.01698EPSS
Exploits0References8Affected Software3
Tenable Nessus
Tenable Nessus
added 2015/06/19 12:0 a.m.94 views

PCS Daemon (pcsd) Cookie Signing Multiple Vulnerabilities

The remote host is affected by multiple vulnerabilities due to a failure by the PCS daemon pcsd to properly set flags in the 'Set-Cookie' header : - A security bypass vulnerability exists due to a failure to set the 'secure' flag. A remote attacker can exploit this to spoof cookies and bypass...

6.8CVSS5.6AI score0.02424EPSS
Exploits1References3
NVD
NVD
added 2015/05/30 7:59 p.m.21 views

CVE-2015-4138

The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administrator's cookie, which makes it easier for remote attackers to obtain potentially sensitive...

4.3CVSS6AI score0.01431EPSS
Exploits0References2
Prion
Prion
added 2015/05/30 7:59 p.m.16 views

Design/Logic Flaw

The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administrator's cookie, which makes it easier for remote attackers to obtain potentially sensitive...

4.3CVSS6.6AI score0.01451EPSS
Exploits0References2Affected Software4
CNVD
CNVD
added 2015/05/19 12:0 a.m.4 views

Red Hat PCS Backend Program Set-Cookie Header Information Disclosure Vulnerability

Red Hat is an operating system based on the linux kernel. An information disclosure vulnerability exists in the Set-Cookie header of the PCSD backend program in Red Hat PCS, which allows remote attackers to exploit the vulnerability to gain access to sensitive information via a scripted access...

4.3CVSS6.6AI score0.02097EPSS
Exploits0References1
Prion
Prion
added 2015/05/14 2:59 p.m.19 views

Design/Logic Flaw

The pcs daemon pcsd in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. NOTE: this issue was SPLIT from CVE-2015-1848 per ADT2 due to differen...

4.3CVSS6.4AI score0.02424EPSS
Exploits1References7Affected Software1
OpenVAS
OpenVAS
added 2015/04/27 12:0 a.m.27 views

Hotspot Express hotEx Billing Manager <= 73 Multiple Vulnerabilities - Active Check

Hotspot Express hotEx Billing Manager is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.5AI score0.02846EPSS
Exploits2References3
NVD
NVD
added 2015/04/16 2:59 p.m.24 views

CVE-2015-3319

Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

5CVSS6.1AI score0.02846EPSS
Exploits0References4
CVE
CVE
added 2015/04/16 2:0 p.m.41 views

CVE-2015-3319

CVE-2015-3319 affects Hotspot Express hotEx Billing Manager version 73. The root cause is absence of the HttpOnly flag in Set-Cookie headers, enabling potential access to cookies via client-side scripts by remote attackers. Multiple sources (NVD entry and CNVD/OpenVAS notes) corroborate this expo...

5CVSS6.2AI score0.02846EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2015/03/09 12:0 a.m.5 views

Google Chrome cookie injection attack vulnerability

Google Chrome is a popular WEB browser. A security vulnerability exists in the Google Chrome net/http/proxyclientsocket.cc file due to failure to properly handle the 407 aka Proxy Authentication Required HTTP status code that appears in the Set-Cookie header. A remote attacker can exploit this...

5CVSS7.5AI score0.00949EPSS
Exploits0References1
Cvelist
Cvelist
added 2015/03/09 12:0 a.m.41 views

CVE-2015-1229

net/http/proxyclientsocket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 aka Proxy Authentication Required HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response...

6.1AI score0.00949EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2015/03/05 1:59 p.m.7 views

chromium-browser: Cookie injection in proxies

net/http/proxyclientsocket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 aka Proxy Authentication Required HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response...

5CVSS7.5AI score0.00949EPSS
Exploits0References5
CNVD
CNVD
added 2015/02/21 12:0 a.m.12 views

Red Hat oVirt Engine Information Disclosure Vulnerability

Red Hat oVirt Engine is an open source virtualization management platform, an open source version of RHEV Platform for Enterprise Virtualization, consisting of an oVirt-node client and an overt-engine manager. A security vulnerability exists in Red Hat oVirt Engine 3.4.4 and earlier versions, whe...

5CVSS6.6AI score0.01742EPSS
Exploits0References1
Prion
Prion
added 2015/02/13 3:59 p.m.19 views

Design/Logic Flaw

oVirt Engine before 3.5.0 does not include the HTTPOnly flag in a Set-Cookie header for the session IDs, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

5CVSS6.6AI score0.01742EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2015/02/13 12:0 a.m.10 views

PT-2015-3597 · Ovirt · Ovirt Engine

Name of the Vulnerable Software and Affected Versions: oVirt Engine versions prior to 3.5.0 Description: The issue allows remote attackers to obtain potentially sensitive information via script access to session IDs due to the missing HTTPOnly flag in the Set-Cookie header. Recommendations: For...

5CVSS6.1AI score0.01742EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2015/02/11 5:38 p.m.12 views

ovirt-engine-webadmin: HttpOnly flag is not included when the session ID is set

It was found that the oVirt web admin interface did not include the HttpOnly flag when setting session IDs with the Set-Cookie header. This flaw could make it is easier for a remote attacker to hijack an oVirt web admin session by leveraging a cross-site scripting XSS vulnerability...

5CVSS5.6AI score0.01742EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2015/01/20 12:0 a.m.59 views

Mozilla Thunderbird Multiple Vulnerabilities-01 (Jan 2015) - Mac OS X

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

7.5CVSS9.7AI score0.03861EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2015/01/20 12:0 a.m.30 views

Mozilla Firefox ESR Multiple Vulnerabilities-01 (Jan 2015) - Windows

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

7.5CVSS9.7AI score0.04158EPSS
Exploits0References9
OSV
OSV
added 2015/01/14 12:0 a.m.6 views

UBUNTU-CVE-2014-8639

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...

6.8CVSS6.9AI score0.01902EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2015/01/13 11:18 p.m.4 views

Mozilla: Cookie injection through Proxy Authenticate responses (MFSA 2015-04)

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...

6.8CVSS7AI score0.01902EPSS
Exploits0References5
Rows per page
Query Builder