Lucene search
K

429 matches found

Tenable Nessus
Tenable Nessus
added 2011/02/11 12:0 a.m.28 views

Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities

Binary data 5789.pasl...

1.2CVSS5.2AI score0.01353EPSS
Exploits1References2
NVD
NVD
added 2010/11/26 8:0 p.m.23 views

CVE-2010-4312

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie...

6.4CVSS4.3AI score0.02136EPSS
Exploits0References1
Prion
Prion
added 2010/11/26 8:0 p.m.14 views

Default configuration

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie...

6.4CVSS6.9AI score0.02136EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2010/11/26 7:0 p.m.32 views

CVE-2010-4312

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie...

4.2AI score0.02136EPSS
Exploits0References1
CVE
CVE
added 2010/11/26 7:0 p.m.72 views

CVE-2010-4312

CVE-2010-4312 affects Apache Tomcat 6.x; the default configuration omits the HTTPOnly flag in Set-Cookie headers, enabling remote session hijacking via script access to cookies. This vulnerability is tied to the standard Tomcat 6.x deployment and is described as a cookie security flag omission th...

6.4CVSS4.4AI score0.02136EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2009/11/13 3:30 p.m.18 views

Cross site scripting

McAfee IntruShield Network Security Manager NSM before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting XSS vulnerability...

4.3CVSS6.1AI score0.04038EPSS
Exploits3References9Affected Software1
NVD
NVD
added 2009/11/13 3:30 p.m.16 views

CVE-2009-3566

McAfee IntruShield Network Security Manager NSM before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting XSS vulnerability...

4.3CVSS5.7AI score0.04038EPSS
Exploits3References9
Cvelist
Cvelist
added 2009/11/13 3:0 p.m.22 views

CVE-2009-3566

McAfee IntruShield Network Security Manager NSM before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting XSS vulnerability...

5.7AI score0.04038EPSS
Exploits3References9
Vulnrichment
Vulnrichment
added 1976/01/01 12:0 a.m.18 views

CVE-2024-36788

Netgear WNR614 JNR1010V2 N300-V1.1.0.541.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices...

7AI score0.0027EPSS
Exploits1References1
Rows per page
Query Builder