3 matches found
CVE-2013-3637
ProjectPier 0.8.8 does not use the Secure flag for cookies...
CVE-2013-3637
CVE-2013-3637 affects ProjectPier 0.8.8, with the root issue that session cookies are set without the Secure flag. This means cookies can be transmitted over non-HTTPS connections, potentially exposing session identifiers. The available records (NVD, Red Hat, PRIO, and CVE listings) confirm the i...
Re: Project Pier Web Vulnerabilities
Mitre has assigned the following CVE's for these issues in Project Pier: XSS: CVE-2013-3635 Session cookies lack HttpOnly flag: CVE-2013-3636 Session cookies lack Secure flag: CVE-2013-3637 On Tue, May 21, 2013 at 9:26 PM, the infinitenigma [email protected] wrote: Summary...