Security Advisory

CVE-2014-9635

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-09-12 14:00:00

Last updated 2024-08-06 13:47:41

Assigner redhat

State PUBLISHED

Description

Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies.

← Browse all CVEs View on cve.org ↗