6 matches found
Mageia: Security Advisory (MGASA-2015-0133)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2015:1300-1 Security update for novnc
novnc was updated to fix a session hijacking problem through insecurely set session token cookies bnc922233, CVE-2013-7436. Security Issues: CVE-2013-7436...
CVE-2013-7436
noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
UBUNTU-CVE-2013-7436
noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
CVE-2013-7436
The CVE concerns noVNC prior to version 0.5, where the secure flag for cookies was not set during HTTPS sessions, enabling cookie interception across HTTP. Affected software: noVNC pre-0.5. Impact: confidentiality risk via session cookies exposed to MITM in mixed HTTP/HTTPS contexts. Public refer...
Updated novnc packages fix CVE-2013-7436
Updated novnc package fixes security vulnerability: noVNC before 0.5.1 allows an attacker to steal insecurely set session token cookies, hijacking active or inactive VNC sessions CVE-2013-7436...