exploitDog

CVE-2014-0174

Опубликовано: 11 июл. 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Ссылки

http://rhn.redhat.com/errata/RHSA-2014-0858.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-0859.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-0858.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-0859.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:redhat:enterprise_mrg:2.5:*:*:*:*:*:*:*

EPSS

Процентиль: 46%

0.00236

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2014-0174

redhat

почти 12 лет назад

Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

GHSA-p88m-27c7-422h

github

больше 3 лет назад

Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

EPSS

Процентиль: 46%

0.00236

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200