2 matches found
CVE-2013-4964
Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
CVE-2013-4964
CVE-2013-4964 affects Puppet Enterprise before 3.0.1, where the session cookie is not marked as Secure in an HTTPS session. This allows an attacker intercepting traffic on an HTTP fallback or mixed-channel to capture the session cookie, potentially enabling unauthorized access. The description do...