CVE-2020-26732

SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...

IBM BigFix Inventory 代码问题漏洞

IBM BigFix Inventory is a suite of solutions for software control and security risk mitigation from IBM USA. A security vulnerability exists in versions prior to IBM BigFix Inventory v10.0.2 that stems from a failure to set a security flag for a session cookie in an https session, which could...

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ

It was found that Hawtio console does not set HTTPOnly or Secure attributes on cookies. An attacker could use this flaw to rerieve an authenticated user's SessionID, and possibly conduct further attacks with the permissions of the authenticated user...

Synology Router Manager Information Disclosure Vulnerability (CNVD-2020-60453)

Synology Router Manager SRM is a software for configuring and managing Synology routers from Synology Inc. of Taiwan, China. A security vulnerability exists in Synology Router Manager SRM versions prior to 1.2.4-8081, which stems from not setting a security flag for a session cookie in an HTTPS...

CVE-2020-4749

IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure li...

IBM Planning Analytics Licensing Issues Vulnerabilities

IBM Planning Analytics is a suite of business planning and analytics solutions from IBM USA. The solution supports automated execution of processes such as business planning, budgeting and analysis. A security vulnerability exists in IBM Planning Analytics version 2.0, which stems from the...

CVE-2019-19090

For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping...

PT-2020-6882 · Abb · Abb Esoms

Name of the Vulnerable Software and Affected Versions: ABB eSOMS versions 4.0 to 6.0.2 Description: The issue is related to the absence of the Secure Flag in the HTTP response header, which may allow unencrypted connections to access cookie information, making it susceptible to eavesdropping. Thi...

CVE-2020-7050

Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cooki...

CVE-2019-19739

MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag on session cookies, allowing the cookie to be sent over cleartext channels...

CVE-2018-10692

An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie "Password508" does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily...

UBUNTU-CVE-2018-1340

Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain...

CVE-2016-0351

IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. IBM X-Force ID:...

CVE-2017-14053

NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...

tcpdump: multiple overflow issues in protocol decoding

Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode without -w which...

PT-2015-6081 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.8.1 Description: The issue makes it easier for remote attackers to capture the session id cookie by intercepting its transmission within an http session, as the secure flag is not set for this cookie in an https...

foreman: the _session_id cookie is issued without the Secure flag

It was found that Foreman did not set the HttpOnly flag on session cookies. This could allow a malicious script to access the session cookie...

foreman: the _session_id cookie is issued without the Secure flag

It was found that Foreman did not set the HttpOnly flag on session cookies. This could allow a malicious script to access the session cookie...

novnc: session hijack through insecurely set session token cookies

It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack...

tomcat5 SSO cookie login information disclosure

The SingleSignOn Valve org.apache.catalina.authenticator.SingleSignOn in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...