cvelist / Redhat / CVELIST:CVE-2016-5409
History: Apr 20, 2017 - 5:00 p.m.

CVE-2016-5409

2017-04-20 17:00:00
redhat
www.cve.org
AI Score: 7.4 (Confidence: High)

EPSS: 0.003 (Percentile: 69.0%)

Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.
