Lucene search

MitreCVE-2014-3852

HistoryAug 07, 2014 - 11:13 a.m.

CVE-2014-3852

2014-08-0711:13:35

CWE-200

mitre

web.nvd.nist.gov

pyplate

0.08

set-cookie

httponly

cve-2014-3852

security

information disclosure

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.004

Percentile

73.3%

JSON

Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Affected configurations

Nvd

Node

pyplatepyplateMatch0.08

VendorProductVersionCPE
pyplatepyplate0.08cpe:2.3:a:pyplate:pyplate:0.08:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pyplate	pyplate	0.08	cpe:2.3:a:pyplate:pyplate:0.08:::::::*

References

www.openwall.com/lists/oss-security/2014/05/14/3

www.openwall.com/lists/oss-security/2014/05/23/1

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.004

Percentile

73.3%

JSON

Related for CVE-2014-3852