3 matches found
CVE-2021-35236
The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted...
CVE-2021-35236
Kiwi Syslog Server 9.7.2 and earlier is affected by CVE-2021-35236 due to the SSL cookie lacking the Secure attribute, allowing the cookie to be sent over unencrypted HTTP where the application is reachable via HTTP+HTTPS. The root cause is an unsecured Secure flag on the cookie, which can lead t...
CVE-2021-35236 Missing Secure Flag From SSL Cookie
The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted...