AI Score confidence: High
EPSS percentile: 69.0%
Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.
www.securityfocus.com/bid/97988
bugzilla.redhat.com/show_bug.cgi?id=1366461