Lucene search
K

680 matches found

NVD
NVD
added 2011/08/09 7:55 p.m.30 views

CVE-2008-7294

Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS...

5.8CVSS6.2AI score0.01012EPSS
Exploits0References6
NVD
NVD
added 2011/08/09 7:55 p.m.36 views

CVE-2008-7298

The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS...

5.8CVSS6.5AI score0.0099EPSS
Exploits0References5
Prion
Prion
added 2011/08/09 7:55 p.m.23 views

Design/Logic Flaw

Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS...

5.8CVSS6.6AI score0.01012EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2011/08/09 7:0 p.m.39 views

CVE-2008-7294

Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS...

6.1AI score0.01012EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2011/06/21 10:42 p.m.7 views

Mozilla Cookie isolation error (MFSA 2011-24)

Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers...

5CVSS7.4AI score0.01777EPSS
Exploits1References4
Cvelist
Cvelist
added 2011/05/20 10:0 p.m.26 views

CVE-2011-2154

login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

6.1AI score0.02667EPSS
Exploits0References5
Prion
Prion
added 2010/11/26 8:0 p.m.14 views

Default configuration

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie...

6.4CVSS6.9AI score0.02136EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2010/11/26 7:0 p.m.72 views

CVE-2010-4312

CVE-2010-4312 affects Apache Tomcat 6.x; the default configuration omits the HTTPOnly flag in Set-Cookie headers, enabling remote session hijacking via script access to cookies. This vulnerability is tied to the standard Tomcat 6.x deployment and is described as a cookie security flag omission th...

6.4CVSS4.4AI score0.02136EPSS
Exploits0References1Affected Software1
0day.today
0day.today
added 2010/11/14 12:0 a.m.19 views

Camtron CMNC-200 IP Camera Denial of Service

Exploit for hardware platform in category dos / poc ============================================ Camtron CMNC-200 IP Camera Denial of Service ============================================ The CMNC-200 IP Camera has a built-in web server that is vulnerable to denial of service attacks. Sending...

7AI score
Exploits0
exploitpack
exploitpack
added 2010/11/13 12:0 a.m.56 views

Camtron CMNC-200 IP Camera - Denial of Service

Camtron CMNC-200 IP Camera - Denial of Service Finding 5: Camera Denial of Service CVE: CVE-2010-4234 The CMNC-200 IP Camera has a built-in web server that is vulnerable to denial of service attacks. Sending multiple requests in parallel to the web server may cause the camera to reboot. Requests...

7.8CVSS0.8AI score0.03041EPSS
Exploits5
Exploit DB
Exploit DB
added 2010/08/03 12:0 a.m.63 views

HP OpenView Network Node Manager (OV NNM) 7.53 - 'OvJavaLocale' Buffer Overflow

HP OPENVIEW NNM OVJAVALOCALE BUFFER OVERFLOW VULNERABILITY 1. ADVISORY INFORMATION Title: HP OpenView NNM OvJavaLocale Buffer Overflow Vulnerability Advisory Id: CORE-2010-0608 Advisory URL: http://www.coresecurity.com/content/hp-nnm-ovjavalocale-buffer-overflow Date published: 2010-08-03 Date of...

9.3CVSS6.4AI score0.42261EPSS
Exploits10
Prion
Prion
added 2009/11/13 3:30 p.m.18 views

Cross site scripting

McAfee IntruShield Network Security Manager NSM before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting XSS vulnerability...

4.3CVSS6.1AI score0.04038EPSS
Exploits3References9Affected Software1
Cvelist
Cvelist
added 2009/11/13 3:0 p.m.22 views

CVE-2009-3566

McAfee IntruShield Network Security Manager NSM before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting XSS vulnerability...

5.7AI score0.04038EPSS
Exploits3References9
securityvulns
securityvulns
added 2008/08/12 12:0 a.m.27 views

Alcatel OmniSwitch switches buffer overflow

Buffer overflow on oversized Cookie: header in embedded web server...

3.3AI score
Exploits0References1
NVD
NVD
added 2006/02/23 11:2 p.m.12 views

CVE-2006-0864

filescan in Global Hauri ViRobot 2.0 20050817 does not verify the Cookie HTTP header, which allows remote attackers to gain administrative privileges via an arbitrary cookie value...

10CVSS7.1AI score0.02815EPSS
Exploits0References7
Prion
Prion
added 2006/01/13 11:3 p.m.33 views

Design/Logic Flaw

Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the 1 session extension aka ext/session and the 2 header function...

5CVSS6.8AI score0.04195EPSS
Exploits0References18Affected Software1
NVD
NVD
added 2006/01/13 11:3 p.m.30 views

CVE-2006-0207

Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the 1 session extension aka ext/session and the 2 header function...

5CVSS6.7AI score0.04195EPSS
Exploits0References18
Cvelist
Cvelist
added 2006/01/13 11:0 p.m.38 views

CVE-2006-0207

Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the 1 session extension aka ext/session and the 2 header function...

6.6AI score0.04195EPSS
Exploits0References18
Ubuntu
Ubuntu
added 2005/03/08 8:6 p.m.54 views

USN-93-1: Squid vulnerability

A race condition was discovered in the handling of "Set-Cookie" headers. If the obsolete Netscape recommendation was used for handling cookies in the cache, it was possible for an attacker to steal the cookies of other users...

2.6CVSS5.3AI score0.01352EPSS
Exploits0
securityvulns
securityvulns
added 2005/03/04 12:0 a.m.25 views

Squid proxy Set-Cookie header race conditions cookie leak

Race condition leads to the situation Set-Cookie header is leaked to different connection...

2.2AI score
Exploits0References1Affected Software1
Rows per page
Query Builder