Security Advisory

CVE-2009-3566

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2009-11-13 15:00:00

Last updated 2024-08-07 06:31:10

Assigner mitre

State PUBLISHED

Description

McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability.

← Browse all CVEs View on cve.org ↗