PT-2019-4359 · Centreon+1 · Centreon Vm+1

Guillaume Quéré

Published

2019-10-08

Updated

2022-05-24

CVE-2019-17104

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Centreon VM versions prior to 19.04.3 Apache HTTP Server (affected versions not specified)

Description The issue is related to errors in processing cookie files in the Apache HTTP Server within the Centreon VM. This can allow a remote attacker to disclose protected information. Specifically, the cookie configuration does not protect against theft because the HTTPOnly flag is not set.

Recommendations For Centreon VM versions prior to 19.04.3, update to version 19.04.3 or later to resolve the issue. As a temporary workaround, consider setting the HTTPOnly flag for cookies in the Apache HTTP Server configuration to protect against cookie theft.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-565

Related Identifiers

BDU:2020-00080

CVE-2019-17104

GHSA-J224-7QR4-8646

Affected Products

Apache Http Server

Centreon Vm

PT-2019-4359 · Centreon+1 · Centreon Vm+1

CVE-2019-17104

Weakness Enumeration

Related Identifiers

Affected Products

References · 11