CVE-2013-7436
Published: Apr 10, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| [oss-security] 20150217 CVE request: novnc: session hijack through insecurely set session token cookies | mailing-list, x_refsource_MLIST |
| RHSA-2015:0833 | vendor-advisory, x_refsource_REDHAT |
| RHSA-2015:0884 | vendor-advisory, x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=1193451 | x_refsource_CONFIRM |
| RHSA-2015:0788 | vendor-advisory, x_refsource_REDHAT |
| [oss-security] 20150312 CVE request: novnc: session hijack through insecurely set session token cookies | mailing-list, x_refsource_MLIST |
| RHSA-2015:0834 | vendor-advisory, x_refsource_REDHAT |