Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: icscert
Published: 2016-04-22T00:00:00
Updated: 2024-08-05T23:24:48.596Z
Reserved: 2016-02-09T00:00:00
Link: CVE-2016-2304
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2016-04-22T00:59:05.447
Modified: 2016-04-28T18:15:24.497
Link: CVE-2016-2304
Redhat
No data.