3 matches found
CVE-2013-3636
ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag...
CVE-2013-3636
CVE-2013-3636 affects ProjectPier 0.8.8, describing a remote information disclosure caused by session cookies lacking the HttpOnly flag. Multiple connected sources (NVD, Red Hat, CVE lists, etc.) confirm the weakness and its impact (cookie-based information disclosure) without detailing a patch. ...
Re: Project Pier Web Vulnerabilities
Mitre has assigned the following CVE's for these issues in Project Pier: XSS: CVE-2013-3635 Session cookies lack HttpOnly flag: CVE-2013-3636 Session cookies lack Secure flag: CVE-2013-3637 On Tue, May 21, 2013 at 9:26 PM, the infinitenigma [email protected] wrote: Summary...