PT-2019-4359 · Centreon+1 · Centreon Vm+1

Guillaume Quéré

Publicado

2019-10-08

Atualizado

2022-05-24

CVE-2019-17104

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Centreon VM versions prior to 19.04.3 Apache HTTP Server (affected versions not specified)

Description The issue is related to errors in processing cookie files in the Apache HTTP Server within the Centreon VM. This can allow a remote attacker to disclose protected information. Specifically, the cookie configuration does not protect against theft because the HTTPOnly flag is not set.

Recommendations For Centreon VM versions prior to 19.04.3, update to version 19.04.3 or later to resolve the issue. As a temporary workaround, consider setting the HTTPOnly flag for cookies in the Apache HTTP Server configuration to protect against cookie theft.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-565

Identificadores relacionados

BDU:2020-00080

CVE-2019-17104

GHSA-J224-7QR4-8646

Produtos afetados

Apache Http Server

Centreon Vm

PT-2019-4359 · Centreon+1 · Centreon Vm+1

CVE-2019-17104

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11