CVE-2014-9635

Affected configuration(s):

cpe:/a:jenkins:jenkins:1.585

Date published: 2017-09-12T10:29:00.300-04:00

Date last modified: 2017-09-21T14:47:08.483-04:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://www.openwall.com/lists/oss-security/2015/01/22/3

Summary: Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies.
