pfSense before 2.1.4, when HTTP is used, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-07-02T10:00:00
Updated: 2024-08-06T11:27:35.302Z
Reserved: 2014-06-28T00:00:00
Link: CVE-2014-4692
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-07-02T10:35:26.033
Modified: 2024-11-21T02:10:43.030
Link: CVE-2014-4692
Redhat
No data.