exploitDog

CVE-2014-9634

Published: 15 Nov 2014
Source: redhat
CVSS2: 4.3
EPSS: Low

Description

Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session.

Report

This issue affects the versions of Jenkins as shipped with Red Hat OpenShift Enterprise 2. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Affected packages

Platform | Package | State | Recommendation | Release
Red Hat OpenShift Enterprise 2 | jenkins | Will not fix | |

Additional information

Status:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=1185148 Tomcat: failure to set secure flag on cookies

EPSS

Percentile: 51%
0.00282
Low

4.3 Medium

CVSS2

Related vulnerabilities

CVSS3: 5.3
ubuntu
almost 8 years ago

Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session.

CVSS3: 5.3
nvd
almost 8 years ago

Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session.

CVSS3: 5.3
debian
almost 8 years ago

Jenkins before 1.586 does not set the secure flag on session cookies w ...

CVSS3: 5.3
github
about 3 years ago

Jenkins secure flag not set on session cookies
