CVE-2014-9250
CVE-2014-9250 affects Zenoss Core through 5 Beta 3, where the authentication cookie is sent without the HttpOnly flag in Set-Cookie. This exposes credential information to client-side script access, increasing risk of credential exposure. The document notes mitigation by enabling SSL/HTTPS to bet...