Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2017-09-12T14:00:00

Updated: 2024-08-06T13:47:41.820Z

Reserved: 2015-01-22T00:00:00

Link: CVE-2014-9634

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-09-12T14:29:00.253

Modified: 2024-11-21T02:21:17.830

Link: CVE-2014-9634

cve-icon Redhat

Severity : Low

Publid Date: 2014-11-15T00:00:00Z

Links: CVE-2014-9634 - Bugzilla