Описание
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by login_up.php3 and certain other files.
Ссылки
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:a:parallels:parallels_plesk_panel:10.2.0_build1011110331.18:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.0025
Низкий
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
больше 3 лет назад
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by login_up.php3 and certain other files.
EPSS
Процентиль: 48%
0.0025
Низкий
5 Medium
CVSS2
Дефекты
CWE-200