The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server.
References
Link | Resource |
---|---|
http://www.kb.cert.org/vuls/id/546483 | Third Party Advisory US Government Resource |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17702 |
Configurations
No configuration.
History
No history.
Information
Published : 2004-12-31 05:00
Updated : 2024-02-04 16:31
NVD link : CVE-2004-0462
Mitre link : CVE-2004-0462
CVE.ORG link : CVE-2004-0462
JSON object : View
Products Affected
No product.
CWE