Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:37229
HistorySep 21, 2022 - 6:57 p.m.

Information Disclosure

2022-09-2118:57:20
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
21
rdiffweb
cve-2022-3174
session cookies
insecure http
vulnerability

EPSS

0.001

Percentile

51.2%

JSON

Rdiffweb is vulnerable to Sensitive Information Disclosure. The vulnerability exists due to an incomplete fix of CVE-2022-3174 which causes session cookies instantiated without the Secure attribute when the provided url is invalid. This flaw allows the transport of user cookies over insecure HTTP.

Related

huntr 2
cve 2
osv 6
github 2
nvd 2
cvelist 2
prion 2
veracode 1
huntr
huntr
Secure token is missed when ivalid URL is entered
2022-09-20 13:41:04
Session_id without Secure attribute
2022-09-09 06:57:10
cve
cve
CVE-2022-3250
2022-09-21 17:15:09
CVE-2022-3174
2022-09-13 10:15:12
osv
osv
PYSEC-2022-287
2022-09-21 17:15:00
rdiffweb has insecure HTTP cookies
2022-09-22 00:00:24
CVE-2022-3250
2022-09-21 17:15:09
github
github
rdiffweb has insecure HTTP cookies
2022-09-22 00:00:24
rdiffweb 2.4.1 vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
2022-09-14 00:00:51
nvd
nvd
CVE-2022-3250
2022-09-21 17:15:09
CVE-2022-3174
2022-09-13 10:15:12
cvelist
cvelist
CVE-2022-3250 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/rdiffweb
2022-09-21 16:55:14
CVE-2022-3174 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/rdiffweb
2022-09-13 09:20:16
prion
prion
Session fixation
2022-09-21 17:15:00
Session fixation
2022-09-13 10:15:00
veracode
veracode
Sensitive Information Disclosure
2022-09-13 16:59:31

EPSS

0.001

Percentile

51.2%

JSON
Related for VERACODE:37229
huntr2cve2osv6github2nvd2cvelist2prion2veracode1