Information disclosure in Redhat Enterprise_mrg

CVE-2014-0174

Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive informa…

Vulnerability class: Information Disclosure

EPSS: 0.002 (46.8th percentile) — read the EPSS interpretation.

Affected products

Redhat Enterprise_mrg — versions 2.5
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

RHSA-2014:0858 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2014:0859 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)