Information disclosure in Netgate pfSense

CVE-2014-4692

pfSense before 2.1.4, when HTTP is used, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this coo…

Vulnerability class: Information Disclosure

EPSS: 0.021 (79.3th percentile)

Affected products

Weakness classification (CWE)

References