Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2017-09-12T14:00:00
Updated: 2024-08-06T13:47:41.820Z
Reserved: 2015-01-22T00:00:00
Link: CVE-2014-9634
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-09-12T14:29:00.253
Modified: 2024-11-21T02:21:17.830
Link: CVE-2014-9634
Redhat