Lucene search
K

8 matches found

Prion
Prion
added 2021/01/14 4:15 p.m.11 views

Session fixation

SKYWORTH GN542VF Boa version 0.94.13 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...

5CVSS7.3AI score0.0151EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2018/02/21 4:29 p.m.14 views

Design/Logic Flaw

IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. IBM X-Force ID:...

4.3CVSS6.3AI score0.0105EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/07/31 3:0 a.m.23 views

CVE-2017-9491

The Comcast firmware on Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST; Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST; Cisco DPC3939B firmware version dpc3939b-v303r204217-150321a-CMCST; Cisco DPC3941T firmware version DPC39412.5s3PRODsey; an...

5.3AI score0.01283EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/03/27 10:0 p.m.24 views

CVE-2017-1142

IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to...

6.4AI score0.01224EPSS
Exploits0References2
Prion
Prion
added 2015/11/08 10:59 p.m.15 views

Session fixation

IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session...

5CVSS6.8AI score0.01209EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2014/06/06 2:55 p.m.16 views

Session fixation

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http...

5CVSS7.1AI score0.01173EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2014/05/26 4:29 a.m.16 views

Session fixation

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

2.9CVSS6.9AI score0.00674EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2011/01/18 5:0 p.m.36 views

CVE-2009-5051

Hastymail2 pre-RC8 is vulnerable: in HTTPS sessions the session cookie is not marked Secure, enabling potential interception of the cookie in transit. The OpenVAS entries describe a session-cookie security bypass; no concrete exploit details or patch/version fixes are provided in the supplied doc...

5CVSS6.7AI score0.01064EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder