Veracode Vulnerability DatabaseVERACODE:11640Insecure Cookies
0.004 Low
EPSS
Percentile
74.7%
noVNC did not provide support for secure cookies in an HTTPS session. This causes browsers to send session cookies in an insecure HTTP channel. An attacker who is able to intercept traffic will be able to capture cookie information and access the application on behalf of the user.
| CPE | Name | Operator | Version |
|---|---|---|---|
| novnc | eq | 0.4__7.el6ev | |
| novnc | eq | 0.3__10.el6 | |
| novnc | eq | 0.4__6.el6ost | |
| novnc | eq | 0.4__8.el6ost | |
| novnc | eq | 0.4__2.el6 | |
| novnc | eq | 0.4__7.el7ost | |
| novnc | eq | 0.4__4.el6ost | |
| novnc | eq | 0.4__3.el6ost | |
| novnc | eq | 0.4__8.1.el6 |
References
rhn.redhat.com/errata/RHSA-2015-0788.html
rhn.redhat.com/errata/RHSA-2015-0833.html
rhn.redhat.com/errata/RHSA-2015-0834.html
rhn.redhat.com/errata/RHSA-2015-0884.html
www.openwall.com/lists/oss-security/2015/02/17/1
www.openwall.com/lists/oss-security/2015/03/12/13
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1193451
github.com/kanaka/noVNC/commit/ad941faddead705cd611921730054767a0b32dcd
rhn.redhat.com/errata/RHSA-2015-0834.html
Related
