PT-2014-5553 · Pyplate · Pyplate
Henri Salo
·
Published
2014-08-07
·
Updated
2014-08-07
·
CVE-2014-3852
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Pyplate version 0.08
Description
The issue makes it easier for remote attackers to obtain potentially sensitive information via script access to the
id cookie, as the HTTPOnly flag is not included in the Set-Cookie header.Recommendations
For Pyplate version 0.08, consider including the HTTPOnly flag in the Set-Cookie header for the
id cookie to prevent script access. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pyplate